PT-2025-37971 · Linux+4 · Linux Kernel+4

Published: 2025-01-01 · Updated: 2026-05-07 · CVE-2025-39826

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The 'use' field within the rose_neigh structure was not atomic, leading to potential race conditions. Specifically, the structure could be freed while still being referenced, potentially resulting in use-after-free issues. This could occur during an ioctl operation via the rose_rt_ioctl() function when the rose_neigh->use field reached zero while a timer was still active. The issue was addressed by changing the type of the 'use' field to refcount_t and updating code paths to utilize rose_neigh_hold() and rose_neigh_put() for atomic reference counting.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

AZL-67434
BDU:2025-15678
CVE-2025-39826
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-017E-2FE9-E065
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu