PT-2026-2619 · Linux+2 · Linux Kernel+2

Published

2026-01-13

·

Updated

2026-05-11

·

CVE-2025-71098

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contained a flaw in the ip6gre header() function that could lead to kernel crashes. The issue stemmed from the ability of team or bonding drivers to dynamically alter dev->needed headroom and/or dev->hard header len. Specifically, the vulnerability involved a scenario where mld newpack() allocated a socket buffer (skb) with insufficient reserve/headroom, and subsequently, mld sendpack() attached an ip6gre device, triggering the crash. The issue was identified through fuzzing by syzbot. The function ip6gre header() is involved in the process.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2025-71098
ECHO-2D60-435C-7083
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8177-1
USN-8177-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8183-1
USN-8183-2
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8243-1
USN-8245-1
USN-8257-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu