#VU106955 Use-after-free in Linux kernel - CVE-2025-21999


| Updated: 2025-05-11

Vulnerability identifier: #VU106955

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21999

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.12 - 6.12.20

External links
https://git.kernel.org/stable/c/63b53198aff2e4e6c5866a4ff73c7891f958ffa4
https://git.kernel.org/stable/c/64dc7c68e040251d9ec6e989acb69f8f6ae4a10b
https://git.kernel.org/stable/c/654b33ada4ab5e926cd9c570196fefa7bec7c1df
https://git.kernel.org/stable/c/966f331403dc3ed04ff64eaf3930cf1267965e53
https://git.kernel.org/stable/c/ede3e8ac90ae106f0b29cd759aadebc1568f1308
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.21

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
Multiple vulnerabilities in IBM DataPower Gateway
SUSE update for the Linux Kernel
Ubuntu update for linux-oracle-6.8
Ubuntu update for linux-azure-nvidia
Ubuntu update for linux-oracle
Ubuntu update for linux-azure
Ubuntu update for linux-raspi-realtime
Ubuntu update for linux-hwe-6.8
Ubuntu update for linux-raspi