SB20251230155 - Use-after-free in Linux kernel en tc driver
Published: December 30, 2025 Updated: December 31, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2023-54262)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in drivers/net/ethernet/mellanox/mlx5/core/en/tc/post_act.h. A local user can escalate privileges on the system.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/2d57a514f9ab7d2d40f49b02d93edfcec8c78a9e
- https://git.kernel.org/stable/c/8fd1dac646e6b08d03e3f1ad3c5b34255b1e08e8
- https://git.kernel.org/stable/c/c382b693ffcb1f1ebf60d76ab9dedfe9ea13eedf
- https://git.kernel.org/stable/c/e9fce818fe003b6c527f25517b9ac08eb4661b5d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4