#VU104952 Use-after-free in Linux kernel - CVE-2025-21791


| Updated: 2025-05-11

Vulnerability identifier: #VU104952

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21791

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the include/net/l3mdev.h. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.1 - 6.1.128

External links
https://git.kernel.org/stable/c/022cac1c693add610ae76ede03adf4d9d5a2cf21
https://git.kernel.org/stable/c/6d0ce46a93135d96b7fa075a94a88fe0da8e8773
https://git.kernel.org/stable/c/7b81425b517accefd46bee854d94954f5c57e019
https://git.kernel.org/stable/c/c40cb5c03e37552d6eff963187109e2c3f78ef6f
https://git.kernel.org/stable/c/c7574740be8ce68a57d0aece24987b9be2114c3c
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.129

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Ubuntu update for linux-azure-fips
Ubuntu update for linux-azure
Ubuntu update for linux-gcp
Ubuntu update for linux-gcp-fips
Ubuntu update for linux-aws-fips
Ubuntu update for linux
SUSE update for the Linux Kernel (Live Patch 61 for SUSE Linux Enterprise 12 SP5)
SUSE update for the Linux Kernel (Live Patch 39 for SLE 15 SP4)
SUSE update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
SUSE update for the Linux Kernel (Live Patch 64 for SLE 12 SP5)