Vulnerability identifier: #VU110683
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1034e3310752e8675e313f7271b348914008719a
https://git.kernel.org/stable/c/3f3a22eebbc32b4fa8ce9c1d5f9db214b45b9335
https://git.kernel.org/stable/c/3f981138109f63232a5fb7165938d4c945cc1b9d
https://git.kernel.org/stable/c/49b21795b8e5654a7df3d910a12e1060da4c04cf
https://git.kernel.org/stable/c/89c301e929a0db14ebd94b4d97764ce1d6981653
https://git.kernel.org/stable/c/93c276942e75de0e5bc91576300d292e968f5a02
https://git.kernel.org/stable/c/f1dde3eb17dc1b8bd07aed00004b1e05fc87a3d4
https://git.kernel.org/stable/c/f9f593e34d2fb67644372c8f7b033bdc622ad228
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.