CVE-2025-39827

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: rose: include node references in rose_neigh refcount<br /> <br /> Current implementation maintains two separate reference counting<br /> mechanisms: the &amp;#39;count&amp;#39; field in struct rose_neigh tracks references from<br /> rose_node structures, while the &amp;#39;use&amp;#39; field (now refcount_t) tracks<br /> references from rose_sock.<br /> <br /> This patch merges these two reference counting systems using &amp;#39;use&amp;#39; field<br /> for proper reference management. Specifically, this patch adds incrementing<br /> and decrementing of rose_neigh-&gt;use when rose_neigh-&gt;count is incremented<br /> or decremented.<br /> <br /> This patch also modifies rose_rt_free(), rose_rt_device_down() and<br /> rose_clear_route() to properly release references to rose_neigh objects<br /> before freeing a rose_node through rose_remove_node().<br /> <br /> These changes ensure rose_neigh structures are properly freed only when<br /> all references, including those from rose_node structures, are released.<br /> As a result, this resolves a slab-use-after-free issue reported by Syzbot.