CVE-2025-71086
HIGH EPSS 2.2%
Published Jan 13, 2026 (5mo ago) · Modified Jun 17, 2026 (2w ago)
7.8 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

net: rose: fix invalid array index in rose_kill_by_device()

rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down.

The loop mistakenly indexes array[cnt] instead of array[i]. For cnt < ARRAY_SIZE(array), this reads an uninitialized entry; for cnt == ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to an invalid socket pointer dereference and also leaks references taken via sock_hold().

Fix the index to use i.
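The collect-then-iterate pattern from the description, as an added userspace model (not the kernel source and not code from this page), showing why indexing with cnt both reads a never-filled slot and leaks every reference taken. The names model_sock, model_kill_by_device, run_model and MODEL_SLOTS are hypothetical, and the array gets one spare zeroed slot so the faulty read stays defined here.

```c
#include <stddef.h>
#include <stdio.h>

#define MODEL_SLOTS 4 /* assumed size for this model, not the kernel's */

/* Hypothetical stand-in for a socket: a refcount and a bound device id. */
struct model_sock { int refcnt; int dev; };

/* fixed == 0 walks array[cnt] (the bug), fixed == 1 walks array[i] (the fix).
 * Returns leaked references; *bad counts reads of a never-filled slot. */
static int model_kill_by_device(struct model_sock *s, size_t n, int dev,
                                int fixed, int *bad)
{
    /* One spare zeroed slot keeps the buggy read defined in this model;
     * the real array is uninitialized and has no spare slot. */
    struct model_sock *array[MODEL_SLOTS + 1] = { 0 };
    size_t i, cnt = 0;
    int leaked = 0;
    for (i = 0; i < n && cnt < MODEL_SLOTS; i++)
        if (s[i].dev == dev) {
            s[i].refcnt++;               /* models sock_hold() */
            array[cnt++] = &s[i];
        }
    for (i = 0; i < cnt; i++) {
        struct model_sock *sk = array[fixed ? i : cnt];
        if (!sk) { (*bad)++; continue; } /* kernel would dereference it */
        sk->refcnt--;                    /* disconnect, drop the reference */
    }
    for (i = 0; i < cnt; i++)
        leaked += array[i]->refcnt - 1;  /* each socket started at 1 */
    return leaked;
}

/* Constructed sample: three sockets on device 7, one on device 9. */
static int run_model(int fixed, int *bad)
{
    struct model_sock s[] = { {1, 7}, {1, 9}, {1, 7}, {1, 7} };
    *bad = 0;
    return model_kill_by_device(s, sizeof(s) / sizeof(s[0]), 7, fixed, bad);
}

int main(void)
{
    int bad, leaked = run_model(0, &bad);
    printf("array[cnt]: leaked=%d bad=%d\n", leaked, bad);
    leaked = run_model(1, &bad);
    printf("array[i]:   leaked=%d bad=%d\n", leaked, bad);
    return 0;
}
```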
CVSS Details
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-129
Affected Products 17
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥4.19.304 – <4.20 |
| linux | linux_kernel | * | ≥5.4.266 – <5.5 |
| linux | linux_kernel | * | ≥5.10.206 – <5.10.248 |
| linux | linux_kernel | * | ≥5.15.146 – <5.15.198 |
| linux | linux_kernel | * | ≥6.1.70 – <6.1.160 |
| linux | linux_kernel | * | ≥6.6.9 – <6.6.120 |
| linux | linux_kernel | * | ≥6.7.1 – <6.12.64 |
| linux | linux_kernel | * | ≥6.13 – <6.18.4 |
| linux | linux_kernel | 6.7 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
References 7
- git.kernel.org https://git.kernel.org/stable/c/1418c12cd3bba79dc56b57b61c99efe40f579981
- git.kernel.org https://git.kernel.org/stable/c/6595beb40fb0ec47223d3f6058ee40354694c8e4
- git.kernel.org https://git.kernel.org/stable/c/819fb41ae54960f66025802400c9d3935eef4042
- git.kernel.org https://git.kernel.org/stable/c/92d900aac3a5721fb54f3328f1e089b44a861c38
- git.kernel.org https://git.kernel.org/stable/c/9f6185a32496834d6980b168cffcccc2d6b17280
- git.kernel.org https://git.kernel.org/stable/c/b409ba9e1e63ccf3ab4cc061e33c1f804183543e
- git.kernel.org https://git.kernel.org/stable/c/ed2639414d43ba037f798eaf619e878309310451
Remediation
The fix commits are the seven git.kernel.org stable commits listed under References.