
CVE-2025-71086

In the Linux kernel, the following vulnerability has been resolved:

net: rose: fix invalid array index in rose_kill_by_device()

rose_kill_by_device() collects sockets into a local array[] and then
iterates over them to disconnect sockets bound to a device being brought
down.

The loop mistakenly indexes array[cnt] instead of array[i]. For cnt <
ARRAY_SIZE(array), this reads an uninitialized entry; for cnt ==
ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to
an invalid socket pointer dereference and also leaks references taken
via sock_hold().

Fix the index to use i.
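A user-space model of the collect-then-iterate pattern described above, showing what the wrong index does to the second loop and to the held references. It is an added example, not the kernel's code: `struct msock`, `BATCH`, `kill_by_device()` and `leaked_refs()` are hypothetical names, and the array is zero-filled and bounds-checked so the faulty read can be counted instead of dereferenced.

```c
#include <stddef.h>
#include <stdio.h>
#define BATCH 4 /* assumed batch size, chosen for this model */

struct msock { int refcnt; int bound; int disconnected; };

/* Collect bound sockets into array[], then disconnect them.
 * use_cnt_index != 0 reproduces the wrong index (array[cnt]).
 * The model zero-fills array[] and bounds-checks the read; the return
 * value counts reads that did not yield a collected socket. */
static int kill_by_device(struct msock *socks, size_t n, int use_cnt_index)
{
    struct msock *array[BATCH] = { NULL };
    size_t cnt = 0, i;
    int bad_reads = 0;
    for (i = 0; i < n && cnt < BATCH; i++) {
        if (!socks[i].bound)
            continue;
        socks[i].refcnt++;            /* stands in for sock_hold() */
        array[cnt++] = &socks[i];
    }
    for (i = 0; i < cnt; i++) {
        size_t idx = use_cnt_index ? cnt : i;
        struct msock *s = idx < BATCH ? array[idx] : NULL;
        if (!s) {                     /* never-written or out-of-range slot */
            bad_reads++;
            continue;
        }
        s->disconnected = 1;
        s->refcnt--;                  /* release the collected reference */
    }
    return bad_reads;
}

/* References still held beyond each socket's baseline of 1. */
static int leaked_refs(const struct msock *socks, size_t n)
{
    int leaked = 0;
    for (size_t i = 0; i < n; i++)
        leaked += socks[i].refcnt - 1;
    return leaked;
}

int main(void)
{
    struct msock s[3] = { {1, 1, 0}, {1, 1, 0}, {1, 1, 0} }; /* constructed input */
    int bad = kill_by_device(s, 3, 1);
    printf("bad reads=%d leaked refs=%d\n", bad, leaked_refs(s, 3));
    return 0;
}
```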
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor Linux
Product Linux
Default Status unaffected
Version < 819fb41ae54960f66025802400c9d3935eef4042
Version 12e5a4719c99d7f4104e7e962393dfb8baa1c591
Status affected
Version < ed2639414d43ba037f798eaf619e878309310451
Version c0e527c532a07556ca44642f5873b002c44da22c
Status affected
Version < 1418c12cd3bba79dc56b57b61c99efe40f579981
Version 3e0d1585799d8a991eba9678f297fd78d9f1846e
Status affected
Version < 9f6185a32496834d6980b168cffcccc2d6b17280
Version ffced26692f83212aa09d0ece0213b23cc2f611d
Status affected
Version < b409ba9e1e63ccf3ab4cc061e33c1f804183543e
Version 64b8bc7d5f1434c636a40bdcfcd42b278d1714be
Status affected
Version < 92d900aac3a5721fb54f3328f1e089b44a861c38
Version 64b8bc7d5f1434c636a40bdcfcd42b278d1714be
Status affected
Version < 6595beb40fb0ec47223d3f6058ee40354694c8e4
Version 64b8bc7d5f1434c636a40bdcfcd42b278d1714be
Status affected
Version bd7de4734535140fda33240c2335a07fdab6f88e
Status affected
Version b10265532df7bc3666bc53261b7f03f0fd14b1c9
Status affected
Vendor Linux
Product Linux
Default Status affected
Version 6.7
Status affected
Version < 6.7
Version 0
Status unaffected
Version <= 5.10.*
Version 5.10.248
Status unaffected
Version <= 5.15.*
Version 5.15.198
Status unaffected
Version <= 6.1.*
Version 6.1.160
Status unaffected
Version <= 6.6.*
Version 6.6.120
Status unaffected
Version <= 6.12.*
Version 6.12.64
Status unaffected
Version <= 6.18.*
Version 6.18.4
Status unaffected
Version <= *
Version 6.19-rc4
Status unaffected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.03% 0.088
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
No CWE information has been published yet.