Use After Free Vulnerability in Linux Kernel Affects Networking Operations
CVE-2025-22004
7.8 HIGH
Summary
A use after free vulnerability has been identified in the Linux kernel's ATM networking stack, specifically within the lec_send() operation. This flaw arises when the skb (socket buffer) is freed before its length is saved, resulting in potential memory access violations. It is critical for system administrators to apply updates to prevent exploitation that could lead to unintended behavior or system instability.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 50e288097c2c6e5f374ae079394436fc29d1e88e
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8cd90c7db08f32829bfa1b5b2b11fbc542afbab7
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 82d9084a97892de1ee4881eb5c17911fcd9be6f6
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved