7.8
CVE-2025-71086
- EPSS 0.02%
- Published 13.01.2026 15:34:49
- Last modified 25.03.2026 18:57:17
- Source 416baaa9-dc9f-4396-8d5f-8c081f
net: rose: fix invalid array index in rose_kill_by_device()
In the Linux kernel, the following vulnerability has been resolved:

net: rose: fix invalid array index in rose_kill_by_device()

rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down.

The loop mistakenly indexes array[cnt] instead of array[i]. For cnt < ARRAY_SIZE(array), this reads an uninitialized entry; for cnt == ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to an invalid socket pointer dereference and also leaks references taken via sock_hold().

Fix the index to use i.
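The collect-then-iterate pattern described above, as an added user-space model (not the kernel source and not part of the original advisory), showing why the array[cnt] index both misses every collected socket and leaves the held references unreleased. `struct sock_model`, `BATCH`, the function names and the sample sockets are constructed for illustration; the array carries one spare NULL slot so the model stays well-defined where the kernel would read an uninitialized or out-of-bounds entry.

```c
#include <stddef.h>
#include <stdio.h>
#define BATCH 4 /* stand-in for ARRAY_SIZE(array); the value is an assumption */
struct sock_model { int refcnt; int dev; int connected; };

/* Collect sockets bound to dev (taking a reference each, as sock_hold() does),
 * then disconnect and release them. buggy != 0 reproduces the array[cnt] index.
 * The spare NULL slot stands in for the invalid entry the kernel would read. */
static int kill_by_device(struct sock_model *socks, size_t n, int dev, int buggy)
{
    struct sock_model *array[BATCH + 1] = { NULL };
    size_t cnt = 0, i;
    int disconnected = 0;

    for (i = 0; i < n && cnt < BATCH; i++) {
        if (socks[i].dev != dev)
            continue;
        socks[i].refcnt++;                /* reference held while queued */
        array[cnt++] = &socks[i];
    }
    for (i = 0; i < cnt; i++) {
        struct sock_model *s = array[buggy ? cnt : i];
        if (s == NULL)
            continue;                     /* kernel: invalid pointer dereference */
        s->connected = 0;
        s->refcnt--;                      /* models the matching sock_put() */
        disconnected++;
    }
    return disconnected;
}

/* One pass over constructed sample sockets; returns references left over. */
static int leaked_refs(int buggy, int *disconnected)
{
    struct sock_model socks[] = { {1, 7, 1}, {1, 9, 1}, {1, 7, 1}, {1, 7, 1} };
    size_t n = sizeof(socks) / sizeof(socks[0]), i;
    int leaked = 0;

    *disconnected = kill_by_device(socks, n, 7, buggy);
    for (i = 0; i < n; i++)
        leaked += socks[i].refcnt - 1;    /* every socket started at refcnt 1 */
    return leaked;
}

int main(void)
{
    int d, l = leaked_refs(1, &d);
    printf("array[cnt]: disconnected=%d leaked_refs=%d\n", d, l);
    l = leaked_refs(0, &d);
    printf("array[i]:   disconnected=%d leaked_refs=%d\n", d, l);
    return 0;
}
```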
Data provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.19.304 < 4.20
Linux ≫ Linux Kernel Version >= 5.4.266 < 5.5
Linux ≫ Linux Kernel Version >= 5.10.206 < 5.10.248
Linux ≫ Linux Kernel Version >= 5.15.146 < 5.15.198
Linux ≫ Linux Kernel Version >= 6.1.70 < 6.1.160
Linux ≫ Linux Kernel Version >= 6.6.9 < 6.6.120
Linux ≫ Linux Kernel Version >= 6.7.1 < 6.12.64
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.4
Linux ≫ Linux Kernel Version 6.7 Update -
Linux ≫ Linux Kernel Version 6.19 Update rc1
Linux ≫ Linux Kernel Version 6.19 Update rc2
Linux ≫ Linux Kernel Version 6.19 Update rc3
Linux ≫ Linux Kernel Version 6.19 Update rc4
Linux ≫ Linux Kernel Version 6.19 Update rc5
Linux ≫ Linux Kernel Version 6.19 Update rc6
Linux ≫ Linux Kernel Version 6.19 Update rc7
Linux ≫ Linux Kernel Version 6.19 Update rc8
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.066 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.