CVE-2025-39826

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: rose: convert &amp;#39;use&amp;#39; field to refcount_t<br /> <br /> The &amp;#39;use&amp;#39; field in struct rose_neigh is used as a reference counter but<br /> lacks atomicity. This can lead to race conditions where a rose_neigh<br /> structure is freed while still being referenced by other code paths.<br /> <br /> For example, when rose_neigh-&gt;use becomes zero during an ioctl operation<br /> via rose_rt_ioctl(), the structure may be removed while its timer is<br /> still active, potentially causing use-after-free issues.<br /> <br /> This patch changes the type of &amp;#39;use&amp;#39; from unsigned short to refcount_t and<br /> updates all code paths to use rose_neigh_hold() and rose_neigh_put() which<br /> operate reference counts atomically.