#VU112743 Use-after-free in Linux kernel - CVE-2025-38323
Published: July 10, 2025
Vulnerability identifier: #VU112743
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38323
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX(), lec_vcc_attach(), lecd_attach() and lane_ioctl() functions in net/atm/lec.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/17e156a94e94a906a570dbf9b48877956c60bef8
- https://git.kernel.org/stable/c/18e8f0c4f826fb08c2d3825cdd6c57e24b207e0a
- https://git.kernel.org/stable/c/64b378db28a967f7b271b055380c2360279aa424
- https://git.kernel.org/stable/c/a7a713dfb5f9477345450f27c7c0741864511192
- https://git.kernel.org/stable/c/d13a3824bfd2b4774b671a75cf766a16637a0e67
- https://git.kernel.org/stable/c/dffd03422ae6a459039c8602f410e6c0f4cbc6c8
- https://git.kernel.org/stable/c/e91274cc7ed88ab5bdc62d426067c82b0b118a0b
- https://git.kernel.org/stable/c/f4d80b16ecc4229f7e6345158ef34c36be323f0e