PT-2025-8801 · Linux+7 · Linux Kernel+7
Syzbot · Published 2025-01-22 · Updated 2026-04-20 · CVE-2025-21718
CVSS v4.0: 7.3 (High)
Vector: AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.13.0-rc5
Description
A vulnerability in the Rose protocol implementation of the Linux kernel has been resolved. The issue arises from timer races against user threads: Rose timers only acquire the socket spinlock, without checking whether the socket is owned by a user thread. This can lead to a slab-use-after-free error. The vulnerability is triggered when the rose timer expiry function is called, which can cause a read of size 2 at an invalid address.
Recommendations
For Linux kernel versions prior to 6.13.0-rc5, update to a version that includes the fix for the Rose timer issue, which adds a check and rearms the timers if needed. As a temporary workaround, consider disabling the Rose protocol until a patch is available. Restrict access to the rose timer expiry function to minimize the risk of exploitation. Avoid using the Rose protocol in critical systems until the issue is resolved.
Exploit
Fix
Use After Free
Race Condition
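The workaround recommended above (disabling the Rose protocol) can be audited with a short script. This is an added example, not part of the original advisory; it assumes the protocol is built as the loadable module `rose` and that overrides are kept in a modprobe.d-style directory.

```shell
#!/bin/sh
# Added example: audit a host for the "disable ROSE" workaround.
# Assumption: the protocol is built as the module "rose" (upstream net/rose).

# rose_loaded FILE: true if a /proc/modules-format file lists the rose module.
rose_loaded() {
    [ -r "$1" ] || return 1
    awk '$1 == "rose" { found = 1 } END { exit !found }' "$1"
}

# rose_blocked DIR: true if a *.conf file in a modprobe.d-style directory
# overrides loading with "install rose /bin/false" (or /bin/true).
rose_blocked() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if awk '$1 == "install" && $2 == "rose" &&
                ($3 == "/bin/false" || $3 == "/bin/true") { found = 1 }
                END { exit !found }' "$f"; then
            return 0
        fi
    done
    return 1
}

# rose_status MODULES_FILE MODPROBE_DIR prints one of:
#   loaded          module is live and nothing stops it loading again
#   loaded-blocked  override present, but the module is still in memory
#   loadable        not loaded, but nothing prevents it loading
#   blocked         not loaded and the override is in place
rose_status() {
    loaded=0; blocked=0
    if rose_loaded "$1"; then loaded=1; fi
    if rose_blocked "$2"; then blocked=1; fi
    case "$loaded$blocked" in
        10) echo loaded ;;
        11) echo loaded-blocked ;;
        00) echo loadable ;;
        01) echo blocked ;;
    esac
}

# Default to the live system; pass other paths to audit an offline image.
rose_status "${1:-/proc/modules}" "${2:-/etc/modprobe.d}"
```

A `loaded` or `loaded-blocked` result means the module still has to be removed (`modprobe -r rose`) or the host rebooted before the override takes effect. A kernel with ROSE compiled in rather than built as a module is not covered by this check.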
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu