7.8

CVE-2025-71086

net: rose: fix invalid array index in rose_kill_by_device()

In the Linux kernel, the following vulnerability has been resolved:

net: rose: fix invalid array index in rose_kill_by_device()

rose_kill_by_device() collects sockets into a local array[] and then
iterates over them to disconnect sockets bound to a device being brought
down.

The loop mistakenly indexes array[cnt] instead of array[i]. For cnt <
ARRAY_SIZE(array), this reads an uninitialized entry; for cnt ==
ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to
an invalid socket pointer dereference and also leaks references taken
via sock_hold().

Fix the index to use i.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.304 < 4.20
LinuxLinux Kernel Version >= 5.4.266 < 5.5
LinuxLinux Kernel Version >= 5.10.206 < 5.10.248
LinuxLinux Kernel Version >= 5.15.146 < 5.15.198
LinuxLinux Kernel Version >= 6.1.70 < 6.1.160
LinuxLinux Kernel Version >= 6.6.9 < 6.6.120
LinuxLinux Kernel Version >= 6.7.1 < 6.12.64
LinuxLinux Kernel Version >= 6.13 < 6.18.4
LinuxLinux Kernel Version6.7 Update-
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
LinuxLinux Kernel Version6.19 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.022
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/1418c12cd3bba79dc56b57b61c99efe40f579981
Patch
https://git.kernel.org/stable/c/9f6185a32496834d6980b168cffcccc2d6b17280
Patch
https://git.kernel.org/stable/c/b409ba9e1e63ccf3ab4cc061e33c1f804183543e
Patch
https://git.kernel.org/stable/c/92d900aac3a5721fb54f3328f1e089b44a861c38
Patch
https://git.kernel.org/stable/c/6595beb40fb0ec47223d3f6058ee40354694c8e4
Patch
https://git.kernel.org/stable/c/819fb41ae54960f66025802400c9d3935eef4042
Patch
https://git.kernel.org/stable/c/ed2639414d43ba037f798eaf619e878309310451
Patch