CVE-2025-71086

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: rose: fix invalid array index in rose_kill_by_device()

rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down.

The loop mistakenly indexes array[cnt] instead of array[i]. For cnt < ARRAY_SIZE(array), this reads an uninitialized entry; for cnt == ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to an invalid socket pointer dereference and also leaks references taken via sock_hold().

Fix the index to use i.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux12e5a4719c99d7f4104e7e962393dfb8baa1c591 < 819fb41ae54960f66025802400c9d3935eef4042affected
LinuxLinuxc0e527c532a07556ca44642f5873b002c44da22c < ed2639414d43ba037f798eaf619e878309310451affected
LinuxLinux3e0d1585799d8a991eba9678f297fd78d9f1846e < 1418c12cd3bba79dc56b57b61c99efe40f579981affected
LinuxLinuxffced26692f83212aa09d0ece0213b23cc2f611d < 9f6185a32496834d6980b168cffcccc2d6b17280affected
LinuxLinux64b8bc7d5f1434c636a40bdcfcd42b278d1714be < b409ba9e1e63ccf3ab4cc061e33c1f804183543eaffected
LinuxLinux64b8bc7d5f1434c636a40bdcfcd42b278d1714be < 92d900aac3a5721fb54f3328f1e089b44a861c38affected
LinuxLinux64b8bc7d5f1434c636a40bdcfcd42b278d1714be < 6595beb40fb0ec47223d3f6058ee40354694c8e4affected
LinuxLinuxbd7de4734535140fda33240c2335a07fdab6f88eaffected
LinuxLinuxb10265532df7bc3666bc53261b7f03f0fd14b1c9affected
LinuxLinux5.10.206 < 5.10.248affected
LinuxLinux5.15.146 < 5.15.198affected
LinuxLinux6.1.70 < 6.1.160affected
LinuxLinux6.6.9 < 6.6.120affected
LinuxLinux4.19.304 < 4.20affected
LinuxLinux5.4.266 < 5.5affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux5.10.248 <= 5.10.*unaffected
LinuxLinux5.15.198 <= 5.15.*unaffected
LinuxLinux6.1.160 <= 6.1.*unaffected
LinuxLinux6.6.120 <= 6.6.*unaffected
LinuxLinux6.12.64 <= 6.12.*unaffected
LinuxLinux6.18.4 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References