CVE-2025-71086

EUVD-2026-2247

13.01.2026, 16:16

In the Linux kernel, the following vulnerability has been resolved:

net: rose: fix invalid array index in rose_kill_by_device()

rose_kill_by_device() collects sockets into a local array[] and then
iterates over them to disconnect sockets bound to a device being brought
down.

The loop mistakenly indexes array[cnt] instead of array[i]. For cnt <
ARRAY_SIZE(array), this reads an uninitialized entry; for cnt ==
ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to
an invalid socket pointer dereference and also leaks references taken
via sock_hold().

Fix the index to use i.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	4.19.304 ≤ 𝑥 < 4.20
linux	linux_kernel	5.4.266 ≤ 𝑥 < 5.5
linux	linux_kernel	5.10.206 ≤ 𝑥 < 5.10.248
linux	linux_kernel	5.15.146 ≤ 𝑥 < 5.15.198
linux	linux_kernel	6.1.70 ≤ 𝑥 < 6.1.160
linux	linux_kernel	6.6.9 ≤ 𝑥 < 6.6.120
linux	linux_kernel	6.7.1 ≤ 𝑥 < 6.12.64
linux	linux_kernel	6.13 ≤ 𝑥 < 6.18.4
linux	linux_kernel	6.7
linux	linux_kernel	6.19:rc1
linux	linux_kernel	6.19:rc2
linux	linux_kernel	6.19:rc3
linux	linux_kernel	6.19:rc4
linux	linux_kernel	6.19:rc5
linux	linux_kernel	6.19:rc6
linux	linux_kernel	6.19:rc7
linux	linux_kernel	6.19:rc8

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	6.1.164-1 fixed
bullseye	vulnerable
bullseye (security)	5.10.251-1 fixed
forky	6.19.11-1 fixed
sid	6.19.11-1 fixed
trixie	6.12.73-1 fixed
trixie (security)	6.12.74-2 fixed

linux-6.1

bullseye (security)

6.1.164-1~deb11u1

fixed

Common Weakness Enumeration

CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Published: 2026-01-13T23:00:00+00:00

References

https://git.kernel.org/stable/c/1418c12cd3bba79dc56b57b61c99efe40f579981

https://git.kernel.org/stable/c/6595beb40fb0ec47223d3f6058ee40354694c8e4

https://git.kernel.org/stable/c/819fb41ae54960f66025802400c9d3935eef4042

https://git.kernel.org/stable/c/92d900aac3a5721fb54f3328f1e089b44a861c38

https://git.kernel.org/stable/c/9f6185a32496834d6980b168cffcccc2d6b17280

https://git.kernel.org/stable/c/b409ba9e1e63ccf3ab4cc061e33c1f804183543e

https://git.kernel.org/stable/c/ed2639414d43ba037f798eaf619e878309310451