PT-2025-37972 · Linux+4 · Linux Kernel+4

Syzbot · Published 2025-01-01 · Updated 2026-05-07 · CVE-2025-39827

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contained an issue in the networking component (net: rose) related to reference counting of rose_neigh structures. The implementation maintained separate reference counts: one for rose_node structures (the count field) and another for rose_sock (the use field). A patch was implemented to merge these into a single reference count using the use field, ensuring proper management of references. The patch also modified the functions rose_rt_free(), rose_rt_device_down(), and rose_clear_route() to correctly release references to rose_neigh objects before freeing a rose_node via rose_remove_node(). This resolves a slab-use-after-free issue identified by Syzbot.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

AZL-67395
BDU:2025-15677
CVE-2025-39827
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-6EA8-A252-002C
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linux Mint
Linux Kernel
SUSE
Ubuntu