IM
IronMonkey Threat Research

CVE-2025-71086 HIGH

Published: 2026-01-13 | Last Modified: 2026-07-14 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rose_kill_by_device() rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down. The loop mistakenly indexes array[cnt] instead of array[i]. For cnt < ARRAY_SIZE(array), this reads an uninitialized entry; for cnt == ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to an invalid socket pointer dereference and also leaks references taken via sock_hold(). Fix the index to use i.

Additional Descriptions (1)

En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net: rose: corrige índice de array inválido en rose_kill_by_device() rose_kill_by_device() recopila sockets en un array[] local y luego itera sobre ellos para desconectar los sockets vinculados a un dispositivo que está siendo dado de baja. El bucle indexa erróneamente array[cnt] en lugar de array[i]. Para cnt &lt; ARRAY_SIZE(array), esto lee una entrada no inicializada; para cnt == ARRAY_SIZE(array), es una lectura fuera de límites. Cualquiera de los dos casos puede llevar a una desreferenciación de puntero de socket inválida y también filtra referencias tomadas a través de sock_hold(). Corrige el índice para usar i.

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Weaknesses

Source Type Description
[email protected] Primary
en CWE-129

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bfc336080> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc336d80> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdd67e340> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bddae7200> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc337b40> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc336040> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdd67edc0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdd67ce40> Operating System
linux linux_kernel 6.7 <built-in method update of dict object at 0x702bdd67da40> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc335c00> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bdcc5b600> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc1de540> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc335480> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702b8344e800> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bdd2f0600> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702b8344f700> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702b8344e2c0> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*

References

Notification
Message here