#VU108247 Use-after-free in Linux kernel - CVE-2025-23150
Vulnerability identifier: #VU108247
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_split() function in fs/ext4/namei.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 5.4 - 5.4.292
External links
https://git.kernel.org/stable/c/16d9067f00e3a7d1df7c3aa9c20d214923d27e10
https://git.kernel.org/stable/c/17df39f455f1289319d4d09e4826aa46852ffd17
https://git.kernel.org/stable/c/2883e9e74f73f9265e5f8d1aaaa89034b308e433
https://git.kernel.org/stable/c/2eeb1085bf7bd5c7ba796ca4119925fa5d336a3f
https://git.kernel.org/stable/c/35d0aa6db9d93307085871ceab8a729594a98162
https://git.kernel.org/stable/c/515c34cff899eb5dae6aa7eee01c1295b07d81af
https://git.kernel.org/stable/c/94824ac9a8aaf2fb3c54b4bdde842db80ffa555d
https://git.kernel.org/stable/c/ab0cc5c25552ae0d20eae94b40a93be11b080fc5
https://git.kernel.org/stable/c/b96bd2c3db26ad0daec5b78c85c098b53900e2e1
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.293
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
