Hello, today the Ubuntu Security Team published CVE-2025-13350 for the Ubuntu packaging of the Linux kernel. The issue comes from an incorrectly backported patch that caused us to mix an old-style with a new-style garbage collector for Unix Domain Sockets.
Upstream kernels weren't affected because they did not cherry-pick pieces of the transition. I thought it worth sending a message to a widely read and widely archived place to give everyone peace of mind: If you consume the upstream kernel directly, you're fine. This issue only affected Ubuntu and anyone that rebuilds Ubuntu kernels. Thanks
