CVE-2025-39826
published 2025-09-16CVE-2025-39826: In the Linux kernel, the following vulnerability has been resolved: net: rose: convert 'use' field to refcount_t The 'use' field in struct rose_neigh is used…
high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
In the Linux kernel, the following vulnerability has been resolved:
net: rose: convert 'use' field to refcount_t
The 'use' field in struct rose_neigh is used as a reference counter but
lacks atomicity. This can lead to race conditions where a rose_neigh
structure is freed while still being referenced by other code paths.
For example, when rose_neigh->use becomes zero during an ioctl operation
via rose_rt_ioctl(), the structure may be removed while its timer is
still active, potentially causing use-after-free issues.
This patch changes the type of 'use' from unsigned short to refcount_t and
updates all code paths to use rose_neigh_hold() and rose_neigh_put() which
operate reference counts atomically.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < fb07156cc0742ba4e93dfcc84280c011d05b301f | fb07156cc0742ba4e93dfcc84280c011d05b301f |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f8c29fc437d03a98fb075c31c5be761cc8326284 | f8c29fc437d03a98fb075c31c5be761cc8326284 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0085b250fcc79f900c82a69980ec2f3e1871823b | 0085b250fcc79f900c82a69980ec2f3e1871823b |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 203e4f42596ede31498744018716a3db6dbb7f51 | 203e4f42596ede31498744018716a3db6dbb7f51 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d860d1faa6b2ce3becfdb8b0c2b048ad31800061 | d860d1faa6b2ce3becfdb8b0c2b048ad31800061 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.48-1 | 6.12.48-1 |
| linux | linux_kernel | >= 0 < 6.16.5-1 | 6.16.5-1 |
| linux | linux_kernel | >= 0 < 6.8.0-106.106 | 6.8.0-106.106 |
| linux | linux_kernel | >= 2.6.12.1 < 6.1.150 | 6.1.150 |
| linux | linux_kernel | >= 6.13 < 6.16.5 | 6.16.5 |
| linux | linux_kernel | >= 6.2 < 6.6.104 | 6.6.104 |
| linux | linux_kernel | >= 6.7 < 6.12.45 | 6.12.45 |
| msrc | azl3_kernel_6.6.96.2-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
| ubuntu | linux-xilinx | — | — |
CVSS provenance
nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.0HIGH