Linux Kernel Vulnerability in Network Protocol Implementation
CVE-2025-39827
What is CVE-2025-39827?
A vulnerability in the Linux kernel's network protocol handling stems from improper reference counting of the rose_neigh structure. Before the fix, references were tracked through two separate fields, 'count' and 'use', which could lead to inaccurate reference management. The patch merges the two fields into a single reference count, so that a rose_neigh structure is freed only when all references have been released. This addresses the slab-use-after-free issue previously reported, significantly improving system stability and security.
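A simplified userspace model of the counting problem described above, added here as an illustration and not taken from the kernel source or the patch. The struct, field and function names are hypothetical, the release path that checks only one counter is an assumed failure mode, and a `freed` flag stands in for the actual free.

```c
/* Userspace model, not kernel code: all names here are hypothetical. */
#include <stdatomic.h>
#include <stdbool.h>
/* "Before" shape: two independent counters track holders of one object. */
struct neigh_split {
    int count;   /* references from one class of holder */
    int use;     /* references from a second class of holder */
    bool freed;  /* set instead of calling free(), so the model stays safe */
};

/* Assumed flaw: a release path that consults only one of the counters. */
static void split_put_count(struct neigh_split *n) {
    if (--n->count == 0)
        n->freed = true;  /* holders counted in 'use' still point at n */
}

/* "After" shape: every holder takes and drops the same counter. */
struct neigh_unified {
    atomic_int refs;
    bool freed;
};

static void unified_hold(struct neigh_unified *n) {
    atomic_fetch_add(&n->refs, 1);
}
static void unified_put(struct neigh_unified *n) {
    /* fetch_sub returns the previous value: 1 means the last reference. */
    if (atomic_fetch_sub(&n->refs, 1) == 1)
        n->freed = true;
}

/* True if the object is marked freed while a holder still remains. */
static bool split_frees_early(void) {
    struct neigh_split n = { .count = 1, .use = 1, .freed = false };
    split_put_count(&n);
    return n.freed && n.use > 0;
}

/* True if the unified object is freed early or never freed at all. */
static bool unified_frees_early_or_leaks(void) {
    struct neigh_unified n = { .refs = 1, .freed = false };
    unified_hold(&n);        /* second holder takes a reference */
    unified_put(&n);         /* first holder drops its reference */
    bool early = n.freed;    /* object must still be alive here */
    unified_put(&n);         /* last holder drops, object is released */
    return early || !n.freed;
}

int main(void) { return (split_frees_early() && !unified_frees_early_or_leaks()) ? 0 : 1; }
```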
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4cce478c3e82a5fc788d72adb2f4c4e983997639
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9c547c8eee9d1cf6e744611d688b9f725cf9a115
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2