Ubuntu Linux: Unpatched Sockets Can Cause Local Privilege Escalation

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.6

Ubuntu Linux: Unpatched Sockets Can Cause Local Privilege Escalation

UBUNTU-CVE-2025-13350

Summary

A security issue in Ubuntu Linux versions 6.8.0-56.58 to 6.8.0-84.84 can allow an attacker to gain elevated access to the system. This is because the operating system fails to properly manage certain types of network connections, leading to a situation where the system tries to access memory that has already been freed. To fix this issue, update your Ubuntu Linux installation to a version that includes the necessary patch.

What to do

Update canonical linux-aws-6.8 to version 6.8.0-1039.41~22.04.1.
Update canonical linux-azure-6.8 to version 6.8.0-1040.46~22.04.1.
Update canonical linux-gcp-6.8 to version 6.8.0-1040.42~22.04.1.
Update canonical linux-hwe-6.8 to version 6.8.0-85.85~22.04.1.
Update canonical linux-ibm-6.8 to version 6.8.0-1037.37~22.04.1.
Update canonical linux-lowlatency-hwe-6.8 to version 6.8.0-84.84.1~22.04.1.
Update canonical linux-nvidia-6.8 to version 6.8.0-1039.42~22.04.1.
Update canonical linux-oracle-6.8 to version 6.8.0-1037.38~22.04.1.
Update canonical linux-riscv-6.8 to version 6.8.0-84.84~22.04.1.
Update canonical linux-realtime-6.8 to version 6.8.1-1034.35~22.04.1.
Update canonical linux to version 6.8.0-84.84.
Update canonical linux-aws to version 6.8.0-1039.41.
Update canonical linux-azure to version 6.8.0-1038.44.
Update canonical linux-azure-nvidia to version 6.8.0-1025.27.
Update canonical linux-gcp to version 6.8.0-1040.42.
Update canonical linux-gke to version 6.8.0-1036.40.
Update canonical linux-gkeop to version 6.8.0-1023.25.
Update canonical linux-ibm to version 6.8.0-1037.37.
Update canonical linux-lowlatency to version 6.8.0-84.84.1.
Update canonical linux-nvidia to version 6.8.0-1039.42.
Update canonical linux-nvidia-lowlatency to version 6.8.0-1039.42.1.
Update canonical linux-nvidia-tegra to version 6.8.0-1012.12.
Update canonical linux-oracle to version 6.8.0-1037.38.
Update canonical linux-raspi to version 6.8.0-1039.43.
Update canonical linux-xilinx to version 6.8.0-1018.19.
Update canonical linux-aws-fips to version 6.8.0-1039.41+fips1.
Update canonical linux-azure-fips to version 6.8.0-1040.46+fips1.
Update canonical linux-fips to version 6.8.0-84.84+fips1.
Update canonical linux-gcp-fips to version 6.8.0-1040.42+fips1.
Update canonical linux-raspi-realtime to version 6.8.0-2031.32.
Update canonical linux-realtime to version 6.8.1-1034.35.

Affected software

Vendor	Product	Affected versions	Fix available
canonical	linux-hwe-edge	All versions	–
canonical	linux-aws-5.0	All versions	–
canonical	linux-aws-5.3	All versions	–
canonical	linux-azure	All versions	–
canonical	linux-azure-5.3	All versions	–
canonical	linux-azure-edge	All versions	–
canonical	linux-gcp	All versions	–
canonical	linux-gcp-5.3	All versions	–
canonical	linux-gke-4.15	All versions	–
canonical	linux-gke-5.4	All versions	–
canonical	linux-gkeop-5.4	All versions	–
canonical	linux-hwe	All versions	–
canonical	linux-hwe-edge	All versions	–
canonical	linux-oem	All versions	–
canonical	linux-oracle-5.0	All versions	–
canonical	linux-oracle-5.3	All versions	–
canonical	linux-aws-5.11	All versions	–
canonical	linux-aws-5.13	All versions	–
canonical	linux-aws-5.8	All versions	–
canonical	linux-azure-5.11	All versions	–
canonical	linux-azure-5.13	All versions	–
canonical	linux-azure-5.8	All versions	–
canonical	linux-azure-fde	All versions	–
canonical	linux-gcp-5.11	All versions	–
canonical	linux-gcp-5.13	All versions	–
canonical	linux-gcp-5.8	All versions	–
canonical	linux-gke	All versions	–
canonical	linux-gke-5.15	All versions	–
canonical	linux-gkeop	All versions	–
canonical	linux-gkeop-5.15	All versions	–
canonical	linux-hwe-5.11	All versions	–
canonical	linux-hwe-5.13	All versions	–
canonical	linux-hwe-5.8	All versions	–
canonical	linux-intel-5.13	All versions	–
canonical	linux-oem-5.10	All versions	–
canonical	linux-oem-5.13	All versions	–
canonical	linux-oem-5.14	All versions	–
canonical	linux-oem-5.6	All versions	–
canonical	linux-oracle-5.11	All versions	–
canonical	linux-oracle-5.13	All versions	–
canonical	linux-oracle-5.8	All versions	–
canonical	linux-raspi2	All versions	–
canonical	linux-riscv	All versions	–
canonical	linux-riscv-5.11	All versions	–
canonical	linux-riscv-5.8	All versions	–
canonical	linux-allwinner-5.19	All versions	–
canonical	linux-aws-5.19	All versions	–
canonical	linux-aws-6.2	All versions	–
canonical	linux-aws-6.5	All versions	–
canonical	linux-aws-6.8	<= 6.8.0-1039.41~22.04.1	6.8.0-1039.41~22.04.1
canonical	linux-azure-5.19	All versions	–
canonical	linux-azure-6.2	All versions	–
canonical	linux-azure-6.5	All versions	–
canonical	linux-azure-6.8	<= 6.8.0-1040.46~22.04.1	6.8.0-1040.46~22.04.1
canonical	linux-azure-fde-5.19	All versions	–
canonical	linux-azure-fde-6.2	All versions	–
canonical	linux-azure-fde-6.8	All versions	–
canonical	linux-gcp-5.19	All versions	–
canonical	linux-gcp-6.2	All versions	–
canonical	linux-gcp-6.5	All versions	–
canonical	linux-gcp-6.8	<= 6.8.0-1040.42~22.04.1	6.8.0-1040.42~22.04.1
canonical	linux-hwe-5.19	All versions	–
canonical	linux-hwe-6.2	All versions	–
canonical	linux-hwe-6.5	All versions	–
canonical	linux-hwe-6.8	<= 6.8.0-85.85~22.04.1	6.8.0-85.85~22.04.1
canonical	linux-ibm-6.8	<= 6.8.0-1037.37~22.04.1	6.8.0-1037.37~22.04.1
canonical	linux-intel-iot-realtime	All versions	–
canonical	linux-lowlatency-hwe-5.19	All versions	–
canonical	linux-lowlatency-hwe-6.2	All versions	–
canonical	linux-lowlatency-hwe-6.5	All versions	–
canonical	linux-lowlatency-hwe-6.8	<= 6.8.0-84.84.1~22.04.1	6.8.0-84.84.1~22.04.1
canonical	linux-nvidia-6.2	All versions	–
canonical	linux-nvidia-6.5	All versions	–
canonical	linux-nvidia-6.8	<= 6.8.0-1039.42~22.04.1	6.8.0-1039.42~22.04.1
canonical	linux-oem-5.17	All versions	–
canonical	linux-oem-6.0	All versions	–
canonical	linux-oem-6.1	All versions	–
canonical	linux-oem-6.5	All versions	–
canonical	linux-oracle-6.5	All versions	–
canonical	linux-oracle-6.8	<= 6.8.0-1037.38~22.04.1	6.8.0-1037.38~22.04.1
canonical	linux-realtime	All versions	–
canonical	linux-riscv	All versions	–
canonical	linux-riscv-5.19	All versions	–
canonical	linux-riscv-6.5	All versions	–
canonical	linux-riscv-6.8	<= 6.8.0-84.84~22.04.1	6.8.0-84.84~22.04.1
canonical	linux-starfive-5.19	All versions	–
canonical	linux-starfive-6.2	All versions	–
canonical	linux-starfive-6.5	All versions	–
canonical	linux-realtime-6.8	<= 6.8.1-1034.35~22.04.1	6.8.1-1034.35~22.04.1
canonical	linux	<= 6.8.0-84.84	6.8.0-84.84
canonical	linux-aws	<= 6.8.0-1039.41	6.8.0-1039.41
canonical	linux-azure	<= 6.8.0-1038.44	6.8.0-1038.44
canonical	linux-azure-6.11	All versions	–
canonical	linux-azure-nvidia	<= 6.8.0-1025.27	6.8.0-1025.27
canonical	linux-gcp	<= 6.8.0-1040.42	6.8.0-1040.42
canonical	linux-gcp-6.11	All versions	–
canonical	linux-gke	<= 6.8.0-1036.40	6.8.0-1036.40
canonical	linux-gkeop	<= 6.8.0-1023.25	6.8.0-1023.25
canonical	linux-hwe-6.11	All versions	–
canonical	linux-ibm	<= 6.8.0-1037.37	6.8.0-1037.37
canonical	linux-lowlatency	<= 6.8.0-84.84.1	6.8.0-84.84.1
canonical	linux-lowlatency-hwe-6.11	All versions	–
canonical	linux-nvidia	<= 6.8.0-1039.42	6.8.0-1039.42
canonical	linux-nvidia-6.11	All versions	–
canonical	linux-nvidia-lowlatency	<= 6.8.0-1039.42.1	6.8.0-1039.42.1
canonical	linux-nvidia-tegra	<= 6.8.0-1012.12	6.8.0-1012.12
canonical	linux-oem-6.11	All versions	–
canonical	linux-oem-6.14	All versions	–
canonical	linux-oem-6.8	All versions	–
canonical	linux-oracle	<= 6.8.0-1037.38	6.8.0-1037.38
canonical	linux-oracle-6.14	All versions	–
canonical	linux-raspi	<= 6.8.0-1039.43	6.8.0-1039.43
canonical	linux-raspi-realtime	All versions	–
canonical	linux-realtime	All versions	–
canonical	linux-riscv	All versions	–
canonical	linux-riscv-6.14	All versions	–
canonical	linux-xilinx	<= 6.8.0-1018.19	6.8.0-1018.19
canonical	linux-aws-fips	<= 6.8.0-1039.41+fips1	6.8.0-1039.41+fips1
canonical	linux-azure-fips	<= 6.8.0-1040.46+fips1	6.8.0-1040.46+fips1
canonical	linux-fips	<= 6.8.0-84.84+fips1	6.8.0-84.84+fips1
canonical	linux-gcp-fips	<= 6.8.0-1040.42+fips1	6.8.0-1040.42+fips1
canonical	linux-raspi-realtime	<= 6.8.0-2031.32	6.8.0-2031.32
canonical	linux-realtime	<= 6.8.1-1034.35	6.8.1-1034.35
canonical	linux-realtime-6.14	All versions	–

Original title

Original description

Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; on Ubuntu Linux 6.8 (Noble Numbat) kernel tree, they have only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privilege escalation (LPE) caused by a use-after-free (UAF). Ubuntu builds that have already taken the new GC stack from commit 4090fa373f0e, and mainline Linux kernels shipping that infrastructure are unaffected because they no longer execute the legacy collector path. This issue affects Ubuntu Linux from 6.8.0-56.58 before 6.8.0-84.84.

osv CVSS4.0 6.6

https://ubuntu.com/security/CVE-2025-13350 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-13350 Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/03/05/7 Third Party Advisory
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/... Third Party Advisory

Published: 6 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026