-

CVE-2025-71098

In the Linux kernel, the following vulnerability has been resolved:

ip6_gre: make ip6gre_header() robust

Over the years, syzbot found many ways to crash the kernel
in ip6gre_header() [1].

This involves team or bonding drivers ability to dynamically
change their dev->needed_headroom and/or dev->hard_header_len

In this particular crash mld_newpack() allocated an skb
with a too small reserve/headroom, and by the time mld_sendpack()
was called, syzbot managed to attach an ip6gre device.

[1]
skbuff: skb_under_panic: text:ffffffff8a1d69a8 len:136 put:40 head:ffff888059bc7000 data:ffff888059bc6fe8 tail:0x70 end:0x6c0 dev:team0
------------[ cut here ]------------
 kernel BUG at net/core/skbuff.c:213 !
 <TASK>
  skb_under_panic net/core/skbuff.c:223 [inline]
  skb_push+0xc3/0xe0 net/core/skbuff.c:2641
  ip6gre_header+0xc8/0x790 net/ipv6/ip6_gre.c:1371
  dev_hard_header include/linux/netdevice.h:3436 [inline]
  neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618
  neigh_output include/net/neighbour.h:556 [inline]
  ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136
 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline]
  ip6_finish_output+0x234/0x7d0 net/ipv6/ip6_output.c:220
  NF_HOOK_COND include/linux/netfilter.h:307 [inline]
  ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247
  NF_HOOK+0x9e/0x380 include/linux/netfilter.h:318
  mld_sendpack+0x8d4/0xe60 net/ipv6/mcast.c:1855
  mld_send_cr net/ipv6/mcast.c:2154 [inline]
  mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 17e7386234f740f3e7d5e58a47b5847ea34c3bc2
Version c12b395a46646bab69089ce7016ac78177f6001f
Status affected
Version < 41a1a3140aff295dee8063906f70a514548105e8
Version c12b395a46646bab69089ce7016ac78177f6001f
Status affected
Version < adee129db814474f2f81207bd182bf343832a52e
Version c12b395a46646bab69089ce7016ac78177f6001f
Status affected
Version < 1717357007db150c2d703f13f5695460e960f26c
Version c12b395a46646bab69089ce7016ac78177f6001f
Status affected
Version < 5fe210533e3459197eabfdbf97327dacbdc04d60
Version c12b395a46646bab69089ce7016ac78177f6001f
Status affected
Version < 91a2b25be07ce1a7549ceebbe82017551d2eec92
Version c12b395a46646bab69089ce7016ac78177f6001f
Status affected
Version < db5b4e39c4e63700c68a7e65fc4e1f1375273476
Version c12b395a46646bab69089ce7016ac78177f6001f
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 3.7
Status affected
Version < 3.7
Version 0
Status unaffected
Version <= 5.10.*
Version 5.10.248
Status unaffected
Version <= 5.15.*
Version 5.15.198
Status unaffected
Version <= 6.1.*
Version 6.1.160
Status unaffected
Version <= 6.6.*
Version 6.6.120
Status unaffected
Version <= 6.12.*
Version 6.12.64
Status unaffected
Version <= 6.18.*
Version 6.18.4
Status unaffected
Version <= *
Version 6.19-rc4
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.088
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.