PT-2026-2617 · Linux+2 · Linux Kernel+2

Published

2026-01-13

·

Updated

2026-05-11

·

CVE-2025-71096

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw within the RDMA/core component related to the handling of netlink responses for RDMA NL LS OP IP RESOLVE queries. Specifically, the code does not correctly validate the presence of the LS NLA TYPE DGID attribute in the netlink response, potentially leading to an uninitialized read from the stack. This issue is triggered when a user does not provide the DGID to a kernel-initiated RDMA NL LS OP IP RESOLVE query. The vulnerability manifests as a kernel memory safety issue, indicated by KMSAN reports of uninitialized values being used in hex byte pack and related functions. The issue impacts the parsing of network attributes and can lead to unexpected behavior or system instability.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Weakness Enumeration

CWE-908

Related Identifiers

CVE-2025-71096
ECHO-C2CD-4364-539C
MGASA-2026-0017
MGASA-2026-0018
OESA-2026-1566
OESA-2026-1567
OESA-2026-1570
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8177-1
USN-8177-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8183-1
USN-8183-2
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8243-1
USN-8245-1
USN-8257-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu