Race Condition Vulnerability in Linux Kernel Affecting Refcount in ROSE Network Protocol
CVE-2025-39826
What is CVE-2025-39826?
A vulnerability exists in the Linux kernel's ROSE protocol implementation that can lead to race conditions. The misuse of the 'use' field in the struct rose_neigh—designed as a reference counter—creates a situation where the structure may be deallocated while still being in use by other code paths. This mismanagement can result in use-after-free scenarios, particularly during ioctl operations where the reference count unexpectedly drops to zero. The vulnerability has been addressed by enhancing the atomicity of the reference count, converting the 'use' field from an unsigned short to a refcount_t type, and implementing safer reference management functions.
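The difference between a plain unsigned short counter and an atomic reference count, as an added example that is not the kernel's code or the upstream patch: a simplified userspace model using C11 atomics rather than the kernel's refcount_t. The names neigh_model, weak_put, neigh_hold and neigh_put are hypothetical, and the "free" is modelled by a counter so the result can be checked.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; all names are hypothetical, this is not kernel code. */
struct neigh_model {
    atomic_uint refs;   /* stands in for the converted 'use' field */
    int released;       /* how many times the object was "freed" */
};

/* Before: non-atomic read-modify-write; an unbalanced put wraps to 65535. */
static unsigned short weak_put(unsigned short *use)
{
    return --(*use);
}

/* After: take a reference only while the object is still live (refs > 0). */
static bool neigh_hold(struct neigh_model *n)
{
    unsigned int old = atomic_load(&n->refs);
    do {
        if (old == 0)
            return false;   /* object is already being torn down */
    } while (!atomic_compare_exchange_weak(&n->refs, &old, old + 1));
    return true;
}

/* After: only the caller that sees the 1 -> 0 transition releases the object. */
static bool neigh_put(struct neigh_model *n)
{
    unsigned int old = atomic_load(&n->refs);
    do {
        if (old == 0)
            return false;   /* unbalanced put: refuse instead of wrapping */
    } while (!atomic_compare_exchange_weak(&n->refs, &old, old - 1));
    if (old == 1)
        n->released++;      /* real code would free the structure here */
    return old == 1;
}

int main(void)
{
    struct neigh_model n = { .released = 0 };
    unsigned short use = 0;
    atomic_init(&n.refs, 1);
    printf("weak put at 0 -> %u\n", (unsigned)weak_put(&use));
    bool held = neigh_hold(&n), mid = neigh_put(&n), last = neigh_put(&n);
    printf("hold=%d put=%d last_put=%d late_hold=%d\n", held, mid, last, neigh_hold(&n));
    return 0;
}
```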
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0085b250fcc79f900c82a69980ec2f3e1871823b