SB2025102335 - Use-after-free in Linux kernel xfrm
Published: October 23, 2025
Updated: October 26, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2022-50569)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipcomp_free_scratches() function in net/xfrm/xfrm_ipcomp.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/03155680191ef0f004b1d6a5714c5b8cd271ab61
- https://git.kernel.org/stable/c/18373ed500f7cd53e24d9b0bd0f1c09d78dba87e
- https://git.kernel.org/stable/c/1e8abde895b3ac6a368cbdb372e8800c49e73a28
- https://git.kernel.org/stable/c/2c19945ce8095d065df550e7fe350cd5cc40c6e6
- https://git.kernel.org/stable/c/8a04d2fc700f717104bfb95b0f6694e448a4537f
- https://git.kernel.org/stable/c/a39f456d62810c0efb43cead22f98d95b53e4b1a
- https://git.kernel.org/stable/c/be81c44242b20fc3bdcc73480ef8aaee56f5d0b6
- https://git.kernel.org/stable/c/debca61df6bc2f65e020656c9c5b878d6b38d30f
- https://git.kernel.org/stable/c/f3bdba4440d82e0da2b1bfc35d3836c8a8e00677
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.17