CVE-2025-71085

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the IPv6 implementation, specifically in the pskb expand head() function as part of calipso skbuff setattr(). This issue can lead to a kernel oops triggered by a BUG ON(nhead < 0) condition in net/core/skbuff.c:2232. The root cause is an implicit integer cast in skb cow(), where a negative value for headroom can be passed to pskb expand head(). The issue is triggered when using the netlabelctl tool to map and add calipso settings, followed by sending a UDP packet with a specific hop header configuration. The vulnerable function is pskb expand head(). The vulnerable parameter is nhead.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.