#VU115595 Resource management error in Linux kernel - CVE-2025-39827
Published: September 16, 2025
Vulnerability identifier: #VU115595
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-39827
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rose_add_node(), rose_del_node(), rose_add_loopback_node(), rose_del_loopback_node(), rose_rt_device_down(), rose_clear_routes(), rose_neigh_show() and rose_rt_free() functions in net/rose/rose_route.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/384210cceb1873a4c8218b27ba0745444436b728
- https://git.kernel.org/stable/c/4cce478c3e82a5fc788d72adb2f4c4e983997639
- https://git.kernel.org/stable/c/9c547c8eee9d1cf6e744611d688b9f725cf9a115
- https://git.kernel.org/stable/c/d7563b456ed44151e1a82091d96f60166daea89b
- https://git.kernel.org/stable/c/da9c9c877597170b929a6121a68dcd3dd9a80f45