SB2025091853 - Use-after-free in Linux kernel core
Published: September 18, 2025 Updated: September 22, 2025
Security Bulletin ID
SB2025091853
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2023-53338)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the run_lwt_bpf() and bpf_lwt_xmit_reroute() functions in net/core/lwt_bpf.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/065d5f17096ec9161180e2c890afdff4dc6125f2
- https://git.kernel.org/stable/c/29b22badb7a84b783e3a4fffca16f7768fb31205
- https://git.kernel.org/stable/c/65583f9e070db7bece20710cfa2e3daeb0b831d9
- https://git.kernel.org/stable/c/67f8f2bae8e7ac72e09def2b667e44704c4d1ee1
- https://git.kernel.org/stable/c/a97f221651fcdc891166e9bc270e3d9bfa5a0080
- https://git.kernel.org/stable/c/d68c17402442f5f494a2c3ebde5cb82f6aa9160a
- https://git.kernel.org/stable/c/e3f647e4b642f9f6d32795a16f92c116c138d2af
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.132