CVE-2025-71086
Published: Jan 13, 2026
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

net: rose: fix invalid array index in rose_kill_by_device()

rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down.

The loop mistakenly indexes array[cnt] instead of array[i]. For cnt < ARRAY_SIZE(array), this reads an uninitialized entry; for cnt == ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to an invalid socket pointer dereference and also leaks references taken via sock_hold().

Fix the index to use i.
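The collect-then-process pattern described above, as an added userspace model (not the kernel's code): it runs the same loop once with the `array[cnt]` index and once with `array[i]`, and counts invalid slots and leaked references. `struct msock`, `SLOTS`, `kill_by_device()` and `demo()` are hypothetical names, and a spare NULL slot stands in for the uninitialized or out-of-bounds entry so the model itself stays well defined.

```c
#include <stdio.h>

#define SLOTS 4   /* stand-in for ARRAY_SIZE(array); constructed value */
struct msock { int dev, refs, connected; };          /* hypothetical socket model */
struct result { int disconnected, bad_slots, leaked_refs; };

/* use_cnt_index = 1 models the bug (array[cnt]); 0 models the fix (array[i]). */
static struct result kill_by_device(struct msock *all, int n, int dev, int use_cnt_index)
{
    /* Extra NULL slot: makes the uninitialized / out-of-bounds read observable without UB. */
    struct msock *array[SLOTS + 1] = { NULL };
    struct result r = { 0, 0, 0 };
    int i, cnt = 0;
    for (i = 0; i < n && cnt < SLOTS; i++) {
        if (all[i].dev == dev) {
            all[i].refs++;                 /* models sock_hold() */
            array[cnt++] = &all[i];
        }
    }
    for (i = 0; i < cnt; i++) {
        struct msock *sk = array[use_cnt_index ? cnt : i];
        if (!sk) {                         /* in the kernel: invalid pointer dereference */
            r.bad_slots++;
            continue;
        }
        sk->connected = 0;
        sk->refs--;                        /* reference dropped after processing */
        r.disconnected++;
    }
    for (i = 0; i < n; i++)
        r.leaked_refs += all[i].refs - 1;  /* every socket starts with one reference */
    return r;
}

/* Six constructed sockets, the first `bound` of them bound to device 1. */
static struct result demo(int bound, int buggy)
{
    struct msock s[6];
    for (int i = 0; i < 6; i++)
        s[i] = (struct msock){ .dev = i < bound ? 1 : 2, .refs = 1, .connected = 1 };
    return kill_by_device(s, 6, 1, buggy);
}

int main(void)
{
    struct result bug = demo(SLOTS, 1), fix = demo(SLOTS, 0);
    printf("buggy: bad=%d leaked=%d  fixed: disconnected=%d leaked=%d\n", bug.bad_slots, bug.leaked_refs, fix.disconnected, fix.leaked_refs);
    return 0;
}
```

With the buggy index no collected socket is ever processed, so every reference taken during collection is leaked regardless of how many sockets matched.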
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 12e5a4719c99d7f4104e7e962393dfb8baa1c591 - < 819fb41ae54960f66025802400c9d3935eef4042; affected c0e527c532a07556ca44642f5873b002c44da22c - < ed2639414d43ba037f798eaf619e878309310451; affected 3e0d1585799d8a991eba9678f297fd78d9f1846e - < 1418c12cd3bba79dc56b57b61c99efe40f579981; affected ffced26692f83212aa09d0ece0213b23cc2f611d - < 9f6185a32496834d6980b168cffcccc2d6b17280; affected 64b8bc7d5f1434c636a40bdcfcd42b278d1714be - < b409ba9e1e63ccf3ab4cc061e33c1f804183543e; +10 more versions |
| Linux | Linux | affected 6.7; unaffected 0 - < 6.7; unaffected 5.10.248 - <= 5.10.*; unaffected 5.15.198 - <= 5.15.*; unaffected 6.1.160 - <= 6.1.*; +4 more versions |