CVE-2025-39827
- EPSS 0.04%
- Published 16.09.2025 13:00:25
- Last modified 17.09.2025 14:18:55
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

net: rose: include node references in rose_neigh refcount

Current implementation maintains two separate reference counting mechanisms: the 'count' field in struct rose_neigh tracks references from rose_node structures, while the 'use' field (now refcount_t) tracks references from rose_sock.

This patch merges these two reference counting systems using 'use' field for proper reference management. Specifically, this patch adds incrementing and decrementing of rose_neigh->use when rose_neigh->count is incremented or decremented.

This patch also modifies rose_rt_free(), rose_rt_device_down() and rose_clear_route() to properly release references to rose_neigh objects before freeing a rose_node through rose_remove_node().

These changes ensure rose_neigh structures are properly freed only when all references, including those from rose_node structures, are released. As a result, this resolves a slab-use-after-free issue reported by Syzbot.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default Status: unaffected

Version | Version < | Status |
---|---|---|
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | 4cce478c3e82a5fc788d72adb2f4c4e983997639 | affected |
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | 9c547c8eee9d1cf6e744611d688b9f725cf9a115 | affected |
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | d7563b456ed44151e1a82091d96f60166daea89b | affected |
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | 384210cceb1873a4c8218b27ba0745444436b728 | affected |
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | da9c9c877597170b929a6121a68dcd3dd9a80f45 | affected |
Vendor: Linux
Product: Linux
Default Status: affected

Version | Up to | Status |
---|---|---|
2.6.12 | | affected |
0 | < 2.6.12 | unaffected |
6.1.150 | <= 6.1.* | unaffected |
6.6.104 | <= 6.6.* | unaffected |
6.12.45 | <= 6.12.* | unaffected |
6.16.5 | <= 6.16.* | unaffected |
6.17-rc4 | <= * | unaffected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.118 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|