CVE-2025-71086

HIGH · CVSS 3.1: 7.8 · EPSS 2.2%
Published Jan 13, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net: rose: fix invalid array index in rose_kill_by_device()

rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down.

The loop mistakenly indexes array[cnt] instead of array[i]. For cnt < ARRAY_SIZE(array), this reads an uninitialized entry; for cnt == ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to an invalid socket pointer dereference and also leaks references taken via sock_hold().

Fix the index to use i.
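The indexing mistake described above, modelled in userspace C as an added example (this is not the kernel's code or the patch itself). The names `sock_model`, `kill_by_device` and `BATCH`, the array size, and the extra zeroed slot that keeps the bad index defined are all assumptions of the model.

```c
#include <stddef.h>
#include <stdio.h>

#define BATCH 4  /* size of the local array[] in this model (assumed value) */

struct sock_model { int refcnt; int dev; int connected; };

/* Collect sockets bound to `dev` (taking a reference on each), then
 * disconnect and release them. fixed == 0 indexes array[cnt], as in the
 * bug; fixed != 0 indexes array[i]. Returns the references left held. */
int kill_by_device(struct sock_model *socks, size_t n, int dev, int fixed)
{
    /* Model only: one extra zeroed slot keeps array[cnt] defined. In the
     * kernel that slot is uninitialized or past the end of the array. */
    struct sock_model *array[BATCH + 1] = { NULL };
    size_t cnt = 0, i;
    int leaked;

    for (i = 0; i < n && cnt < BATCH; i++) {
        if (socks[i].dev != dev)
            continue;
        socks[i].refcnt++;               /* stands in for sock_hold() */
        array[cnt++] = &socks[i];
    }
    leaked = (int)cnt;
    for (i = 0; i < cnt; i++) {
        struct sock_model *s = array[fixed ? i : cnt];
        if (!s)
            continue;                    /* kernel: invalid pointer dereference */
        s->connected = 0;                /* disconnect */
        s->refcnt--;                     /* drop the reference taken above */
        leaked--;
    }
    return leaked;
}

int main(void)
{
    /* Constructed sample: three sockets bound to device 7. */
    struct sock_model a[] = { {1, 7, 1}, {1, 2, 1}, {1, 7, 1}, {1, 7, 1} };
    struct sock_model b[] = { {1, 7, 1}, {1, 2, 1}, {1, 7, 1}, {1, 7, 1} };

    printf("buggy index: %d references leaked\n", kill_by_device(a, 4, 7, 0));
    printf("fixed index: %d references leaked\n", kill_by_device(b, 4, 7, 1));
    return 0;
}
```

With the buggy index, every collected socket stays connected and keeps its extra reference, because the loop never visits any entry it actually stored.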

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-129

Affected Products 17

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.19.304 – <4.20
linux   linux_kernel  *        ≥5.4.266 – <5.5
linux   linux_kernel  *        ≥5.10.206 – <5.10.248
linux   linux_kernel  *        ≥5.15.146 – <5.15.198
linux   linux_kernel  *        ≥6.1.70 – <6.1.160
linux   linux_kernel  *        ≥6.6.9 – <6.6.120
linux   linux_kernel  *        ≥6.7.1 – <6.12.64
linux   linux_kernel  *        ≥6.13 – <6.18.4
linux   linux_kernel  6.7      any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/1418c12cd3bba79dc56b57b61c99efe40f579981
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6595beb40fb0ec47223d3f6058ee40354694c8e4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/819fb41ae54960f66025802400c9d3935eef4042
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/92d900aac3a5721fb54f3328f1e089b44a861c38
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f6185a32496834d6980b168cffcccc2d6b17280
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b409ba9e1e63ccf3ab4cc061e33c1f804183543e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed2639414d43ba037f798eaf619e878309310451
    Patch
