SB20250916337 - Resource management error in Linux kernel rose
Published: September 16, 2025
Security Bulletin ID
SB20250916337
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2025-39827)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rose_add_node(), rose_del_node(), rose_add_loopback_node(), rose_del_loopback_node(), rose_rt_device_down(), rose_clear_routes(), rose_neigh_show() and rose_rt_free() functions in net/rose/rose_route.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/384210cceb1873a4c8218b27ba0745444436b728
- https://git.kernel.org/stable/c/4cce478c3e82a5fc788d72adb2f4c4e983997639
- https://git.kernel.org/stable/c/9c547c8eee9d1cf6e744611d688b9f725cf9a115
- https://git.kernel.org/stable/c/d7563b456ed44151e1a82091d96f60166daea89b
- https://git.kernel.org/stable/c/da9c9c877597170b929a6121a68dcd3dd9a80f45