CVE-2025-39826

Q: What is the severity of CVE-2025-39826?

CVE-2025-39826 has a CVSS score of 7.0 (HIGH). This CVE describes a use-after-free vulnerability in the Linux kernel's ROSE networking protocol implementation. The vulnerability occurs due to non-atomic reference counting in the rose_neigh structure, which can lead to race conditions where memory is freed while still being used. This affects Linux systems using the ROSE protocol, though ROSE is a legacy protocol primarily used in amateur radio networks.

7.0 HIGH

Denial of Service

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's ROSE networking protocol implementation. The vulnerability occurs due to non-atomic reference counting in the rose_neigh structure, which can lead to race conditions where memory is freed while still being used. This affects Linux systems using the ROSE protocol, though ROSE is a legacy protocol primarily used in amateur radio networks.

💻 Affected Systems

Products:

Linux kernel

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if the ROSE protocol (CONFIG_ROSE) is compiled into the kernel and being used. Most standard distributions don't enable ROSE by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, system crash, or potential privilege escalation leading to full system compromise if an attacker can trigger the use-after-free and execute arbitrary code.

🟠

Likely Case

System instability, kernel crashes, or denial of service affecting network functionality on systems using the ROSE protocol.

🟢

If Mitigated

Minimal impact if ROSE protocol is disabled or not in use, as the vulnerable code path requires ROSE functionality.

🌐 Internet-Facing: LOW - ROSE protocol is rarely exposed to the internet and is primarily used in specialized amateur radio networks.

🏢 Internal Only: LOW - ROSE protocol is not commonly used in enterprise environments; risk is limited to specialized systems using amateur radio networking.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires local access or network access to ROSE protocol, race condition timing, and kernel memory manipulation knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing commits 0085b250fcc79f900c82a69980ec2f3e1871823b or later

Vendor Advisory: https://git.kernel.org/stable/c/0085b250fcc79f900c82a69980ec2f3e1871823b

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. For custom kernels, apply the referenced git commits. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable ROSE protocol module

linux

Prevent loading of the vulnerable ROSE kernel module

echo 'install rose /bin/false' >> /etc/modprobe.d/rose-blacklist.conf
rmmod rose 2>/dev/null || true

Disable ROSE at kernel compile

linux

Exclude ROSE protocol support from kernel build

Make sure CONFIG_ROSE=n in kernel configuration

🧯 If You Can't Patch

Disable ROSE protocol functionality if not needed by removing or blacklisting the rose kernel module.
Restrict access to systems using ROSE protocol to trusted networks only.

🔍 How to Verify

Check if Vulnerable:

Check if ROSE module is loaded: lsmod | grep rose. Check kernel version against patched versions from your distribution.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched version and ROSE module is either not loaded or from patched kernel.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages
System crashes or panics
ROSE protocol error messages in dmesg

Network Indicators:

Unusual ROSE protocol traffic patterns
ROSE connection attempts from unexpected sources

SIEM Query:

Search for kernel panic events or ROSE protocol errors in system logs

📊 Metadata

CVE ID: CVE-2025-39826

CVSS v3 Score: 7.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.01% exploit probability (1.2th percentile)

Published: September 16, 2025

Last Updated: January 16, 2026

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Debian Linux by Debian

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable ROSE protocol module

Disable ROSE at kernel compile

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities