SB2025022849 - Use-after-free in Linux kernel
Published: February 28, 2025 Updated: May 11, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-21812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_rt_autobind() function in net/ax25/ax25_route.c, within the ax25_send_frame() and ax25_queue_xmit() functions in net/ax25/ax25_out.c, within the ax25_ip_xmit() function in net/ax25/ax25_ip.c, within the ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c, within the ax25_fillin_cb_from_dev() and ax25_setsockopt() functions in net/ax25/af_ax25.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2802ed4ced27ebd474828fc67ffd7d66f11e3605
- https://git.kernel.org/stable/c/7705d8a7f2c26c80973c81093db07c6022b2b30e
- https://git.kernel.org/stable/c/8937f5e38a218531dce2a89fae60e3adcc2311e1
- https://git.kernel.org/stable/c/95fc45d1dea8e1253f8ec58abc5befb71553d666
- https://git.kernel.org/stable/c/c2531db6de3c95551be58878f859c6a053b7eb2e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.2