CVE-2025-39826

EPSS 0.02%
Veröffentlicht 16.09.2025 13:00:24
Zuletzt bearbeitet 16.01.2026 20:36:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net: rose: convert 'use' field to refcount_t

The 'use' field in struct rose_neigh is used as a reference counter but
lacks atomicity. This can lead to race conditions where a rose_neigh
structure is freed while still being referenced by other code paths.

For example, when rose_neigh->use becomes zero during an ioctl operation
via rose_rt_ioctl(), the structure may be removed while its timer is
still active, potentially causing use-after-free issues.

This patch changes the type of 'use' from unsigned short to refcount_t and
updates all code paths to use rose_neigh_hold() and rose_neigh_put() which
operate reference counts atomically.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.12.1 < 6.1.150

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.104

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.45

Linux ≫ Linux Kernel Version >= 6.13 < 6.16.5

Linux ≫ Linux Kernel Version2.6.12 Update-

Linux ≫ Linux Kernel Version2.6.12 Updaterc2

Linux ≫ Linux Kernel Version2.6.12 Updaterc3

Linux ≫ Linux Kernel Version2.6.12 Updaterc4

Linux ≫ Linux Kernel Version2.6.12 Updaterc5

Linux ≫ Linux Kernel Version6.17 Updaterc1

Linux ≫ Linux Kernel Version6.17 Updaterc2

Linux ≫ Linux Kernel Version6.17 Updaterc3

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/fb07156cc0742ba4e93dfcc84280c011d05b301f

Patch

https://git.kernel.org/stable/c/f8c29fc437d03a98fb075c31c5be761cc8326284

Patch

https://git.kernel.org/stable/c/0085b250fcc79f900c82a69980ec2f3e1871823b

Patch

https://git.kernel.org/stable/c/203e4f42596ede31498744018716a3db6dbb7f51

Patch

https://git.kernel.org/stable/c/d860d1faa6b2ce3becfdb8b0c2b048ad31800061

Patch

https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-39826

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39826

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39826

EUVD