CVE-2025-71095

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A crash issue exists within the Linux kernel's networking subsystem, specifically in the stmmac driver when utilizing zero copy XDP TX actions. The issue stems from an incorrect memory type check within the stmmac xdp xmit back() function. This function fails to validate the memory type of the xdp frame, leading to invalid memory mappings and a subsequent kernel panic. The root cause is that the xdp frame memory type depends on the xdp buff memory type, and the function always assumes a page pool type, which is incorrect for zero copy XSK pool-based buffers. The crash log indicates an "Unable to handle kernel paging request" error.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-71095

ECHO-6808-917A-62A0

MGASA-2026-0017

MGASA-2026-0018

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8177-1

USN-8177-2

USN-8179-1

USN-8179-2

USN-8179-3

USN-8179-4

USN-8183-1

USN-8183-2

USN-8184-1

USN-8185-1

USN-8185-2

USN-8203-1

USN-8204-1

USN-8245-1

USN-8257-1

USN-8258-1

USN-8260-1

USN-8261-1

USN-8265-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

Stmmac

CVE-2025-71095

Related Identifiers

Affected Products

References · 2299