5.5

CVE-2025-71098

EPSS 0.03%
Veröffentlicht 13.01.2026 15:34:57
Zuletzt bearbeitet 25.03.2026 16:56:02
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ip6_gre: make ip6gre_header() robust

In the Linux kernel, the following vulnerability has been resolved:

ip6_gre: make ip6gre_header() robust

Over the years, syzbot found many ways to crash the kernel
in ip6gre_header() [1].

This involves team or bonding drivers ability to dynamically
change their dev->needed_headroom and/or dev->hard_header_len

In this particular crash mld_newpack() allocated an skb
with a too small reserve/headroom, and by the time mld_sendpack()
was called, syzbot managed to attach an ip6gre device.

[1]
skbuff: skb_under_panic: text:ffffffff8a1d69a8 len:136 put:40 head:ffff888059bc7000 data:ffff888059bc6fe8 tail:0x70 end:0x6c0 dev:team0
------------[ cut here ]------------
 kernel BUG at net/core/skbuff.c:213 !
 <TASK>
  skb_under_panic net/core/skbuff.c:223 [inline]
  skb_push+0xc3/0xe0 net/core/skbuff.c:2641
  ip6gre_header+0xc8/0x790 net/ipv6/ip6_gre.c:1371
  dev_hard_header include/linux/netdevice.h:3436 [inline]
  neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618
  neigh_output include/net/neighbour.h:556 [inline]
  ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136
 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline]
  ip6_finish_output+0x234/0x7d0 net/ipv6/ip6_output.c:220
  NF_HOOK_COND include/linux/netfilter.h:307 [inline]
  ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
  NF_HOOK+0x9e/0x380 include/linux/netfilter.h:318
  mld_sendpack+0x8d4/0xe60 net/ipv6/mcast.c:1855
  mld_send_cr net/ipv6/mcast.c:2154 [inline]
  mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

NVD 15 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.7.1 < 5.10.248

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.198

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.160

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.120

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.64

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.4

Linux ≫ Linux Kernel Version3.7 Update-

Linux ≫ Linux Kernel Version6.19 Updaterc1

Linux ≫ Linux Kernel Version6.19 Updaterc2

Linux ≫ Linux Kernel Version6.19 Updaterc3

Linux ≫ Linux Kernel Version6.19 Updaterc4

Linux ≫ Linux Kernel Version6.19 Updaterc5

Linux ≫ Linux Kernel Version6.19 Updaterc6

Linux ≫ Linux Kernel Version6.19 Updaterc7

Linux ≫ Linux Kernel Version6.19 Updaterc8

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/adee129db814474f2f81207bd182bf343832a52e

Patch

https://git.kernel.org/stable/c/1717357007db150c2d703f13f5695460e960f26c

Patch

https://git.kernel.org/stable/c/5fe210533e3459197eabfdbf97327dacbdc04d60

Patch

https://git.kernel.org/stable/c/91a2b25be07ce1a7549ceebbe82017551d2eec92

Patch

https://git.kernel.org/stable/c/db5b4e39c4e63700c68a7e65fc4e1f1375273476

Patch

https://git.kernel.org/stable/c/17e7386234f740f3e7d5e58a47b5847ea34c3bc2

Patch

https://git.kernel.org/stable/c/41a1a3140aff295dee8063906f70a514548105e8

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-71098

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71098

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71098

EUVD