PT-2026-2607 · Linux+2 · Linux Kernel+2

Published

2025-12-22

·

Updated

2026-05-11

·

CVE-2025-71086

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The rose kill by device() function in the Linux kernel incorrectly indexes an array, potentially leading to an out-of-bounds read or an invalid socket pointer dereference. The function collects sockets into a local array and iterates to disconnect sockets bound to a device. The error occurs because the loop uses an incorrect index (cnt) instead of the correct index (i). This can result in reading uninitialized memory or accessing memory outside the array bounds, potentially leaking socket references. The vulnerable function is rose kill by device().
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Validation of Array Index

Stack Overflow

Use of Uninitialized Resource

Weakness Enumeration

CWE-129CWE-121CWE-908

Related Identifiers

BDU:2026-03070
CVE-2025-71086
ECHO-79F3-0CD2-82E4
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8177-1
USN-8177-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8183-1
USN-8183-2
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8243-1
USN-8245-1
USN-8257-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu