#VU105134 Use-after-free in Linux kernel - CVE-2025-21812
Published: February 28, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU105134
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-21812
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_rt_autobind() function in net/ax25/ax25_route.c, within the ax25_send_frame() and ax25_queue_xmit() functions in net/ax25/ax25_out.c, within the ax25_ip_xmit() function in net/ax25/ax25_ip.c, within the ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c, within the ax25_fillin_cb_from_dev() and ax25_setsockopt() functions in net/ax25/af_ax25.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/2802ed4ced27ebd474828fc67ffd7d66f11e3605
- https://git.kernel.org/stable/c/7705d8a7f2c26c80973c81093db07c6022b2b30e
- https://git.kernel.org/stable/c/8937f5e38a218531dce2a89fae60e3adcc2311e1
- https://git.kernel.org/stable/c/95fc45d1dea8e1253f8ec58abc5befb71553d666
- https://git.kernel.org/stable/c/c2531db6de3c95551be58878f859c6a053b7eb2e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.2