{"vulnerability": "CVE-2025-21718", "sightings": [{"uuid": "fd282ae2-12b0-4f07-92d1-d96e667558ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21718", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"}, {"uuid": "406ddb9e-9bf1-473a-8e39-b38ba5a64a7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21718", "type": "seen", "source": "https://t.me/cvedetector/18985", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21718 - Here is the title: \"Rose Linux Kernel Timer Use-After-Free Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-21718 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: rose: fix timer races against user threads  \n  \nRose timers only acquire the socket spinlock, without  \nchecking if the socket is owned by one user thread.  \n  \nAdd a check and rearm the timers if needed.  \n  \nBUG: KASAN: slab-use-after-free in rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174  \nRead of size 2 at addr ffff88802f09b82a by task swapper/0/0  \n  \nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc5-syzkaller-00172-gd1bf27c4e176 #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024  \nCall Trace:  \n   \n  __dump_stack lib/dump_stack.c:94 [inline]  \n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120  \n  print_address_description mm/kasan/report.c:378 [inline]  \n  print_report+0x169/0x550 mm/kasan/report.c:489  \n  kasan_report+0x143/0x180 mm/kasan/report.c:602  \n  rose_timer_expiry+0x31d/0x360 net/rose/rose_timer.c:174  \n  call_timer_fn+0x187/0x650 kernel/time/timer.c:1793  \n  expire_timers kernel/time/timer.c:1844 [inline]  \n  __run_timers kernel/time/timer.c:2418 [inline]  \n  __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430  \n  run_timer_base kernel/time/timer.c:2439 [inline]  \n  run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449  \n  handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561  \n  __do_softirq kernel/softirq.c:595 [inline]  \n  invoke_softirq kernel/softirq.c:435 [inline]  \n  __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662  \n  irq_exit_rcu+0x9/0x30 kernel/softirq.c:678  \n  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]  \n  sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:30:22.000000Z"}]}