THREAT OPS › Threat News › [NVD] CVE-2025-21718 (HIGH 7.0) — In the Linux kernel, the following vulnerability has been resolved:
net: rose: fix timer races against user threads
Rose timers only acquire the socket spinlock, without
checking if the socket is owned by one user thread.
Add a check and rearm the timers if needed.
BUG: KASAN
[NVD] CVE-2025-21718 (HIGH 7.0) — In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN
CVE-2025-21718 CVSS: 7.0 HIGH Published: 2025-02-27T02:15:15.473
In the Linux kernel, the following vulnerability has been resolved:
net: rose: fix timer races against user threads
Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread.
Add a check and rearm the timers if needed.
BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360
Indicators of compromise
- CVE-2025-21718cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-21718