Local Privilege Escalation Vulnerability in Ubuntu Linux 6.8 GA
CVE-2025-13350

7.1HIGH

Key Information:

Vendor: Canonical
Status: Ubuntu Linux
Vendor: CVE Published:; 5 March 2026

What is CVE-2025-13350?

A vulnerability in Ubuntu Linux 6.8 GA arises from the legacy AF_UNIX garbage collector retaining improper handling of orphaned MSG_OOB sockets. When these sockets trigger the garbage collector, a use-after-free condition occurs, leading to a local privilege escalation scenario. This issue allows unauthorized access, as the garbage collector expects certain references which are not present, resulting in potential exposure to sensitive data and system manipulation. Systems running versions earlier than 6.8.0-84.84 are at risk, while updates addressing this flaw are imperative for maintaining system integrity.

Affected Version(s)

Ubuntu Linux 6.8.0-56.58 < 6.8.0-84.84

References

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2121515

issue-tracking

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/l...

patch

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2026
Vulnerability Reserved
Nov 18, 2025

Credit

Noam Rathaus

CVE-2025-13350 Data

JSON

Canonical

What is CVE-2025-13350?

Affected Version(s)

References

CVSS V4

Timeline

Credit