Linux Kernel Use-After-Free Vulnerability in ROSE Protocol Neighbor Management

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's handling of neighbor pointers within the ROSE protocol. This issue arises in the function 'rose_rt_device_down()', where two bugs can lead to improper memory management. First, the loop that processes neighbor entries can terminate prematurely, causing some entries to be overlooked. Second, when an entry is removed, the remaining entries shift up to fill the gap, but the loop index continues to advance, resulting in skipped entries. This mismanagement can leave dangling pointers that, when accessed, cause a use-after-free condition.

Impact

Exploitation of this vulnerability leads to a use-after-free condition, where freed memory is accessed, potentially causing memory corruption or allowing for arbitrary code execution.

Added: Jul 25, 2025, 2:30 PM

Updated: Jul 25, 2025, 6:58 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Use-After-Free Vulnerability in ROSE Protocol Neighbor Management

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating