CVE-2025-71086

Published: Jan 13, 2026Modified: Mar 25, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rose_kill_by_device() rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down. The loop mistakenly indexes array[cnt] instead of array[i]. For cnt < ARRAY_SIZE(array), this reads an uninitialized entry; for cnt == ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to an invalid socket pointer dereference and also leaks references taken via sock_hold(). Fix the index to use i.

Affected (17)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.19.304 to 4.20
Linux Linux Kernel	From 5.10.206 to 5.10.248
Linux Linux Kernel	From 5.15.146 to 5.15.198
Linux Linux Kernel	From 5.4.266 to 5.5
Linux Linux Kernel	From 6.1.70 to 6.1.160
Linux Linux Kernel	From 6.13 to 6.18.4
Linux Linux Kernel	From 6.6.9 to 6.6.120
Linux Linux Kernel	From 6.7.1 to 6.12.64
Linux Linux Kernel	Version 6.19 rc1
Linux Linux Kernel	Version 6.19 rc2
Linux Linux Kernel	Version 6.19 rc3
Linux Linux Kernel	Version 6.19 rc4
Linux Linux Kernel	Version 6.19 rc5
Linux Linux Kernel	Version 6.19 rc6
Linux Linux Kernel	Version 6.19 rc7
Linux Linux Kernel	Version 6.19 rc8
Linux Linux Kernel	Version 6.7