-
CVE-2025-39827
- EPSS 0.04%
- Veröffentlicht 16.09.2025 13:00:25
- Zuletzt bearbeitet 17.09.2025 14:18:55
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: net: rose: include node references in rose_neigh refcount Current implementation maintains two separate reference counting mechanisms: the 'count' field in struct rose_neigh tracks references from rose_node structures, while the 'use' field (now refcount_t) tracks references from rose_sock. This patch merges these two reference counting systems using 'use' field for proper reference management. Specifically, this patch adds incrementing and decrementing of rose_neigh->use when rose_neigh->count is incremented or decremented. This patch also modifies rose_rt_free(), rose_rt_device_down() and rose_clear_route() to properly release references to rose_neigh objects before freeing a rose_node through rose_remove_node(). These changes ensure rose_neigh structures are properly freed only when all references, including those from rose_node structures, are released. As a result, this resolves a slab-use-after-free issue reported by Syzbot.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
4cce478c3e82a5fc788d72adb2f4c4e983997639
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
9c547c8eee9d1cf6e744611d688b9f725cf9a115
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
d7563b456ed44151e1a82091d96f60166daea89b
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
384210cceb1873a4c8218b27ba0745444436b728
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
da9c9c877597170b929a6121a68dcd3dd9a80f45
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
2.6.12
Status
affected
Version <
2.6.12
Version
0
Status
unaffected
Version <=
6.1.*
Version
6.1.150
Status
unaffected
Version <=
6.6.*
Version
6.6.104
Status
unaffected
Version <=
6.12.*
Version
6.12.45
Status
unaffected
Version <=
6.16.*
Version
6.16.5
Status
unaffected
Version <=
*
Version
6.17-rc4
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.118 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|