CVE-2025-39826

🗓️ 16 Sep 2025 13:00:24Reported by LinuxType

Linux kernel Rose converts rose_neigh use to refcount_t to prevent use after free.

Reporter	Title	Published	Views	Family All 142
AstraLinux	Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12	1 Nov 202510:54	–	astralinux
CBLMariner	CVE-2025-39826 affecting package kernel for versions less than 6.6.104.2-1	1 Oct 202519:21	–	cbl_mariner
Circl	CVE-2025-39826	16 Sep 202514:29	–	circl
CNNVD	Linux kernel 安全漏洞	16 Sep 202500:00	–	cnnvd
Cvelist	CVE-2025-39826 net: rose: convert 'use' field to refcount_t	16 Sep 202513:00	–	cvelist
Debian	[SECURITY] [DLA 4328-1] linux-6.1 security update	13 Oct 202509:16	–	debian
Debian	[SECURITY] [DSA 6008-1] linux security update	22 Sep 202521:10	–	debian
Debian	[SECURITY] [DSA 6009-1] linux security update	22 Sep 202521:10	–	debian
Debian CVE	CVE-2025-39826	16 Sep 202513:00	–	debiancve
Tenable Nessus	Debian dla-4328 : linux-config-6.1 - security update	13 Oct 202500:00	–	nessus

NVD

Vulners

CNA

Node

linux linux_kernelRange2.6.12.1–6.1.150

linux linux_kernelRange6.2–6.6.104

linux linux_kernelRange6.7–6.12.45

linux linux_kernelRange6.13–6.16.5

linux linux_kernelMatch2.6.12-

linux linux_kernelMatch2.6.12rc2

linux linux_kernelMatch2.6.12rc3

linux linux_kernelMatch2.6.12rc4

linux linux_kernelMatch2.6.12rc5

linux linux_kernelMatch6.17rc1

linux linux_kernelMatch6.17rc2

linux linux_kernelMatch6.17rc3

Node

debian debian_linuxMatch11.0

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "include/net/rose.h",
      "net/rose/af_rose.c",
      "net/rose/rose_in.c",
      "net/rose/rose_route.c",
      "net/rose/rose_timer.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
        "lessThan": "fb07156cc0742ba4e93dfcc84280c011d05b301f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
        "lessThan": "f8c29fc437d03a98fb075c31c5be761cc8326284",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
        "lessThan": "0085b250fcc79f900c82a69980ec2f3e1871823b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
        "lessThan": "203e4f42596ede31498744018716a3db6dbb7f51",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
        "lessThan": "d860d1faa6b2ce3becfdb8b0c2b048ad31800061",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "include/net/rose.h",
      "net/rose/af_rose.c",
      "net/rose/rose_in.c",
      "net/rose/rose_route.c",
      "net/rose/rose_timer.c"
    ],
    "versions": [
      {
        "version": "2.6.12",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "2.6.12",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.1.150",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.104",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.45",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.16.5",
        "lessThanOrEqual": "6.16.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/fb07156cc0742ba4e93dfcc84280c011d05b301f
git	www.git.kernel.org/stable/c/203e4f42596ede31498744018716a3db6dbb7f51
git	www.git.kernel.org/stable/c/d860d1faa6b2ce3becfdb8b0c2b048ad31800061
git	www.git.kernel.org/stable/c/f8c29fc437d03a98fb075c31c5be761cc8326284
git	www.git.kernel.org/stable/c/0085b250fcc79f900c82a69980ec2f3e1871823b
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-032379.html
lists	www.lists.debian.org/debian-lts-announce/2025/10/msg00008.html

17 Jun 2026 09:18Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.17

EPSS0.00132

CWE-416