-

CVE-2025-39826

EPSS 0.02%
Veröffentlicht 16.09.2025 13:00:24
Zuletzt bearbeitet 17.09.2025 14:18:55
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

net: rose: convert 'use' field to refcount_t

The 'use' field in struct rose_neigh is used as a reference counter but
lacks atomicity. This can lead to race conditions where a rose_neigh
structure is freed while still being referenced by other code paths.

For example, when rose_neigh->use becomes zero during an ioctl operation
via rose_rt_ioctl(), the structure may be removed while its timer is
still active, potentially causing use-after-free issues.

This patch changes the type of 'use' from unsigned short to refcount_t and
updates all code paths to use rose_neigh_hold() and rose_neigh_put() which
operate reference counts atomically.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < fb07156cc0742ba4e93dfcc84280c011d05b301f

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < f8c29fc437d03a98fb075c31c5be761cc8326284

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 0085b250fcc79f900c82a69980ec2f3e1871823b

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 203e4f42596ede31498744018716a3db6dbb7f51

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < d860d1faa6b2ce3becfdb8b0c2b048ad31800061

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.12

Status affected

Version < 2.6.12

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.150

Status unaffected

Version <= 6.6.*

Version 6.6.104

Status unaffected

Version <= 6.12.*

Version 6.12.45

Status unaffected

Version <= 6.16.*

Version 6.16.5

Status unaffected

Version <= *

Version 6.17-rc4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.048

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/fb07156cc0742ba4e93dfcc84280c011d05b301f

https://git.kernel.org/stable/c/f8c29fc437d03a98fb075c31c5be761cc8326284

https://git.kernel.org/stable/c/0085b250fcc79f900c82a69980ec2f3e1871823b

https://git.kernel.org/stable/c/203e4f42596ede31498744018716a3db6dbb7f51

https://git.kernel.org/stable/c/d860d1faa6b2ce3becfdb8b0c2b048ad31800061

https://nvd.nist.gov/vuln/detail/CVE-2025-39826

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-39826

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-39826

EUVD