CVE-2025-13350

Published Mar 5, 2026

Last updated a month ago

CVSS high 7.1

Overview

Description
Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; on Ubuntu Linux 6.8 (Noble Numbat) kernel tree, they have only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privilege escalation (LPE) caused by a use-after-free (UAF). Ubuntu builds that have already taken the new GC stack from commit 4090fa373f0e, and mainline Linux kernels shipping that infrastructure are unaffected because they no longer execute the legacy collector path. This issue affects Ubuntu Linux from 6.8.0-56.58 before 6.8.0-84.84.
Source
security@ubuntu.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.1
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

security@ubuntu.com
CWE-416

Social media

Hype score
Not currently trending

  1. CVE-2025-13350 for Ubuntu Linux kernel https://t.co/ySypcE8GeF Incorrectly backported patch that caused [Ubuntu] to mix an old-style with a new-style garbage collector for Unix Domain Sockets. If you consume the upstream kernel directly, you're fine.

    @oss_security

    9 Mar 2026

    592 Impressions

    0 Retweets

    6 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-13350 Local Privilege Escalation in Ubuntu Linux 6.8 via AF_UNIX Garbage Collector UAF https://t.co/efDvz4m7fV

    @VulmonFeeds

    6 Mar 2026

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. https://t.co/eZoa3NJDZ6 (CVE-2025-13350) is for: https://t.co/Y2JYEOpylc from last year

    @spendergrsec

    5 Mar 2026

    1574 Impressions

    0 Retweets

    22 Likes

    16 Bookmarks

    1 Reply

    0 Quotes

  4. CVE-2025-13350 Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphan… https://t.co/GgdQgK6knI

    @CVEnew

    5 Mar 2026

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.