4 matches found
CVE-2025-13350 Use-after-free of orphaned AF_UNIX in Ubuntu builds of Linux kernel
Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 "af_unix: Don’t call skb_get for OOB skb". When orphaned MSG_OOB sockets hit unix_gc, the garbage collector still calls kfree_skb as if OOB SKBs held two references; on Ubuntu Linux 6.8 Noble...
CVE-2025-13350 Use-after-free of orphaned AF_UNIX in Ubuntu builds of Linux kernel
Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 "af_unix: Don’t call skb_get for OOB skb". When orphaned MSG_OOB sockets hit unix_gc, the garbage collector still calls kfree_skb as if OOB SKBs held two references; on Ubuntu Linux 6.8 Noble...
CVE-2025-13350
Summary: CVE-2025-13350 affects Ubuntu Linux 6.8 GA builds that retain the legacy AF_UNIX garbage collector and backport a specific commit. Root cause: when orphaned MSG_OOB sockets are processed by unix_gc(), the code frees the buffer via kfree_skb() as if OOB SKBs held two references, but in ...
PT-2026-23496
Name of the Vulnerable Software and Affected Versions: Ubuntu Linux versions 6.8.0-56.58 through 6.8.0-84.84. Description: The Ubuntu Linux kernel retains a legacy AF_UNIX garbage collector that, when combined with a backported upstream commit, can lead to a use-after-free condition. Specifically,...