CVE-2025-71128

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to the handling of ERSPAN traffic in GRE tunnels. Specifically, the options len field within the ip tunnel info structure is not properly initialized before being referenced, leading to a potential buffer overflow when compiled with GCC 15+ and FORTIFY SOURCE enabled. This can result in a kernel panic, as demonstrated by the error message 'memcpy: detected buffer overflow: 4 byte write of buffer size 0'. The issue arises from a partial update in the GRE ERSPAN code that bypasses the initialization helper function, ip tunnel info opts set().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.