SB20251226160 - Use-after-free in Linux kernel ceph
Published: December 26, 2025 Updated: December 31, 2025
Security Bulletin ID
SB20251226160
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2023-53867)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/ceph/super.h. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2b2515b8095cf2149bef44383a99d5b5677f1831
- https://git.kernel.org/stable/c/448875a73e16ba7d81dec9274ce9d33a12d092fb
- https://git.kernel.org/stable/c/aaf67de78807c59c35bafb5003d4fb457c764800
- https://git.kernel.org/stable/c/ae6e935618d99cdba11eab4714092e7e5f13cf7e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2