CVE-2025-71095
BaseFortify
Publication date: 2026-01-13
Last updated on: 2026-03-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 5.13 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.4 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.120 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.64 (exc) |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 5.13.1 (inc) to 6.1.160 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a crash issue in the Linux kernel's stmmac network driver when using the zero copy XDP_TX action. Specifically, the driver mishandles the memory type of xdp_frame objects derived from xdp_buff objects. The function stmmac_xdp_xmit_back() assumes all xdp_frames use the page pool memory type, but zero copy XSK pool based xdp_buffs produce a different memory type. This incorrect assumption leads to invalid memory mappings and causes the kernel to crash with a fatal exception.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash (kernel panic) when running zero copy XDP_TX actions in the stmmac driver. Such crashes can lead to system instability, downtime, and potential loss of data or service availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the system logs for kernel crash messages related to the zero copy XDP_TX action. Specifically, look for kernel panic or Oops messages similar to the following: [ 216.122464] Unable to handle kernel paging request at virtual address fffeffff80000000 [ 216.187524] Internal error: Oops: 0000000096000144 [#1] SMP [ 216.301694] Call trace: [ 216.304130] dcache_clean_poc+0x20/0x38 (P) [ 216.308308] __dma_sync_single_for_device+0x1bc/0x1e0 [ 216.313351] stmmac_xdp_xmit_xdpf+0x354/0x400 [ 216.317701] __stmmac_xdp_run_prog+0x164/0x368 [ 216.322139] stmmac_napi_poll_rxtx+0xba8/0xf00 [ 216.326576] __napi_poll+0x40/0x218 [ 216.408054] Kernel panic - not syncing: Oops: Fatal exception in interrupt You can use commands like `dmesg | grep -i stmmac` or `journalctl -k | grep -i stmmac` to filter kernel logs for related crash messages.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, avoid using the zero copy XDP_TX action with the affected stmmac driver until a patched kernel version is applied. Updating the Linux kernel to a version where this issue is fixed (which includes the check for xdp_buff memory type in stmmac_xdp_xmit_back()) is recommended to prevent crashes. Additionally, monitor system stability and kernel logs for any related crashes.