CVE-2025-71086
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2026-01-13
Last updated on: 2026-03-25
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
net: rose: fix invalid array index in rose_kill_by_device()
rose_kill_by_device() collects sockets into a local array[] and then
iterates over them to disconnect sockets bound to a device being brought
down.
The loop mistakenly indexes array[cnt] instead of array[i]. For cnt <
ARRAY_SIZE(array), this reads an uninitialized entry; for cnt ==
ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to
an invalid socket pointer dereference and also leaks references taken
via sock_hold().
Fix the index to use i.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.7 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.4 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 4.19.304 (inc) to 4.20 (exc) |
| linux | linux_kernel | From 5.10.206 (inc) to 5.10.248 (exc) |
| linux | linux_kernel | From 5.15.146 (inc) to 5.15.198 (exc) |
| linux | linux_kernel | From 5.4.266 (inc) to 5.5 (exc) |
| linux | linux_kernel | From 6.1.70 (inc) to 6.1.160 (exc) |
| linux | linux_kernel | From 6.6.9 (inc) to 6.6.120 (exc) |
| linux | linux_kernel | From 6.7.1 (inc) to 6.12.64 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-129 | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
