CVE-2025-13350: CWE-416 Use After Free in Canonical Ubuntu Linux
Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets reach unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; in the Ubuntu Linux 6.8 (Noble Numbat) kernel tree they hold only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privilege escalation (LPE) caused by a use-after-free (UAF). Ubuntu builds that have already taken the new GC stack from commit 4090fa373f0e, and mainline Linux kernels shipping that infrastructure, are unaffected because they no longer execute the legacy collector path. This issue affects Ubuntu Linux from 6.8.0-56.58 before 6.8.0-84.84.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2025-13350 is a use-after-free vulnerability classified under CWE-416 affecting the legacy AF_UNIX garbage collector in Ubuntu Linux 6.8 kernel versions from 6.8.0-56.58 up to but not including 6.8.0-84.84. The vulnerability stems from the garbage collector's handling of orphaned MSG_OOB sockets. Specifically, the garbage collector calls kfree_skb() on socket buffers (SKBs) assuming out-of-band SKBs hold two references, but in these Ubuntu kernel versions, they only have a single queue reference. This discrepancy causes the buffer to be freed while still reachable, leading to subsequent queue traversals dereferencing freed memory. This use-after-free condition can be exploited locally to achieve privilege escalation by manipulating the kernel's memory management of UNIX sockets. The issue does not affect Ubuntu kernels that have integrated the newer garbage collector stack introduced in commit 4090fa373f0e or mainline Linux kernels that have removed the legacy collector path. The vulnerability has a CVSS 4.0 base score of 7.1, indicating high severity, with attack vector local, high attack complexity, no user interaction, and requiring low privileges. Although no known exploits are reported in the wild, the vulnerability presents a reliable attack vector for local attackers to gain elevated privileges.
Potential Impact
The primary impact of CVE-2025-13350 is local privilege escalation on affected Ubuntu Linux systems, allowing an attacker with low-privileged local access to gain higher privileges, potentially root. This can lead to full system compromise, unauthorized access to sensitive data, and disruption of system integrity and availability. The use-after-free condition could also be leveraged to execute arbitrary code in kernel context, increasing the risk of persistent and stealthy attacks. Organizations relying on Ubuntu Linux 6.8 kernel versions within the affected range are at risk from insider threats or from attackers who have gained limited access through other means. The vulnerability undermines system security controls and could facilitate lateral movement or privilege escalation in multi-user environments, cloud infrastructures, and containerized deployments using these kernels.
Mitigation Recommendations
Organizations should immediately verify whether their Ubuntu Linux systems are running kernel versions from 6.8.0-56.58 up to but not including 6.8.0-84.84. The primary mitigation is to upgrade to Ubuntu Linux 6.8 kernel versions at or beyond 6.8.0-84.84, which include the fix by removing the legacy garbage collector path and adopting the newer GC stack. If immediate upgrading is not feasible, administrators should restrict local access to trusted users only and monitor for suspicious local activity indicative of exploitation attempts. Employing kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and enabling security modules like SELinux or AppArmor can reduce exploitation likelihood. Regularly auditing and limiting socket usage and privileges can further reduce the attack surface. Since no patches are linked in the provided data, organizations should consult Canonical's official security advisories for the latest updates and apply them promptly.
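As an added check for the version-verification step above (this script is not part of the advisory or of Canonical's tooling), the following POSIX shell compares an Ubuntu kernel package version against the affected range [6.8.0-56.58, 6.8.0-84.84). It assumes the Ubuntu-specific /proc/version_signature format "Ubuntu 6.8.0-84.84-generic 6.8.12", whose second field carries the ABI and upload numbers that `uname -r` alone does not.

```shell
#!/bin/sh
# CVE-2025-13350 range check for Ubuntu 6.8 kernels (added example).
# Affected: package version >= 6.8.0-56.58 and < 6.8.0-84.84.

# version_key VERSION -> prints ABI*1000 + upload as a sortable integer.
# Accepts "6.8.0-84.84" or "6.8.0-84.84-generic"; returns 1 (prints
# nothing) for anything that is not a 6.8.0 Ubuntu package version.
version_key() {
    case "$1" in
        6.8.0-*) ;;
        *) return 1 ;;
    esac
    rest=${1#6.8.0-}          # "84.84-generic"
    rest=${rest%%-*}          # drop flavour suffix -> "84.84"
    case "$rest" in *.*) ;; *) return 1 ;; esac   # need ABI.upload
    abi=${rest%%.*}
    upload=${rest#*.}
    upload=${upload%%.*}      # "84.84.1" -> upload 84
    case "$abi$upload" in *[!0-9]*|'') return 1 ;; esac
    echo $((abi * 1000 + upload))
}

# is_affected VERSION -> exit 0 if VERSION falls inside the affected range.
is_affected() {
    key=$(version_key "$1") || return 1
    lo=$(version_key 6.8.0-56.58)
    hi=$(version_key 6.8.0-84.84)
    [ "$key" -ge "$lo" ] && [ "$key" -lt "$hi" ]
}

# running_kernel_version -> package version of the booted kernel, taken
# from /proc/version_signature (Ubuntu only); empty if unavailable.
running_kernel_version() {
    [ -r /proc/version_signature ] && awk '{print $2}' /proc/version_signature
}

# Constructed sample versions, not real host data.
for v in 6.8.0-55.57 6.8.0-56.58 6.8.0-79.79 6.8.0-84.84 6.9.0-1.1; do
    if is_affected "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
done
cur=$(running_kernel_version)
[ -n "$cur" ] && { is_affected "$cur" && echo "running $cur: AFFECTED" || echo "running $cur: not affected"; }
```

On a live host, `dpkg -l 'linux-image-*'` lists the same package versions for every installed kernel, not only the booted one.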
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, India, China, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: canonical
- Date Reserved: 2025-11-18T09:33:14.643Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69a9e2f561e8e69ef5e92419
Added to database: 3/5/2026, 8:09:25 PM
Last enriched: 3/12/2026, 8:36:14 PM
Last updated: 4/20/2026, 3:34:08 AM