SB20250916125 - Use-after-free in Linux kernel wireless
Published: September 16, 2025 Updated: September 22, 2025
Security Bulletin ID
SB20250916125
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2023-53153)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cfg80211_conn_work(), cfg80211_get_conn_bss(), cfg80211_sme_connect() and cfg80211_connect() functions in net/wireless/sme.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/015b8cc5e7c4d7bb671f1984d7b7338c310b185b
- https://git.kernel.org/stable/c/22dfb21bf1cd876616d45cda1bc6daa89eec6747
- https://git.kernel.org/stable/c/2cfe78619b0de6d2da773978bc2d22797212eaa7
- https://git.kernel.org/stable/c/66af4a2ab1d65d556d638cb9555a3b823c2557a9
- https://git.kernel.org/stable/c/6f1959c17d4cb5b74af6fc31dc787e1dc3e4f6e2
- https://git.kernel.org/stable/c/a2a92b3e9d8e03ee3f9ee407fc46a9b4bd02d8b6
- https://git.kernel.org/stable/c/f4b6a138efb8a32507b8946104e32cb926308da7
- https://git.kernel.org/stable/c/fd081afd21eb35b968b0330700c43ec94986e1c4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.99