Use-after-free in Linux kernel core
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-22057 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU107671
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22057
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dst_count_dec() function in net/core/dst.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 6.14 - 6.14.1
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:6.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:6.14.1:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/3a0a3ff6593d670af2451ec363ccb7b18aec0c0a
https://git.kernel.org/stable/c/836415a8405c9665ae55352fc5ba865c242f5e4f
https://git.kernel.org/stable/c/92a5c18513117be69bc00419dd1724c1940f8fcd
https://git.kernel.org/stable/c/ccc331fd5bcae131d2627d5ef099d4a1f6540aea
https://git.kernel.org/stable/c/e833e7ad64eb2f63867f65303be49ca30ee8819e
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
