Linux CVE-2025-27723

Q: What is the CVSS score of CVE-2025-27723?

CVE-2025-27723 has a CVSS 4.0 base score of 6.8 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2025-209789 MEDIUM

Use After Free (CWE-416)

2026-05-12 intel

GHSA-j2j9-q468-5q3f

Denial Of Service Linux Use After Free Memory Corruption Intel

6.8

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

May 12, 2026 - 17:22 NVD

6.8 (MEDIUM)

CVE Published

May 12, 2026 - 16:35 nvd

MEDIUM 6.8

CVE Published

May 12, 2026 - 16:35 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.