CVE-2025-71086

net: rose: fix invalid array index in rose_kill_by_device()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rose_kill_by_device() rose_kill_by_device() collects sockets into a local array[] and then
iterates over them to disconnect sockets bound to a device being brought
down. The loop mistakenly indexes array[cnt] instead of array[i]. For cnt <
ARRAY_SIZE(array), this reads an uninitialized entry; for cnt ==
ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to
an invalid socket pointer dereference and also leaks references taken
via sock_hold(). Fix the index to use i.

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rose_kill_by_device() rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down. The loop mistakenly indexes array[cnt] instead of array[i]. For cnt < ARRAY_SIZE(array), this reads an uninitialized entry; for cnt == ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to an invalid socket pointer dereference and also leaks references taken via sock_hold(). Fix the index to use i.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.162-1.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-01-13 CVE Reserved
2026-01-13 CVE Published
2026-05-11 CVE Updated
2026-05-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (14)

URL	Tag	Source
https://git.kernel.org/stable/c/12e5a4719c99d7f4104e7e962393dfb8baa1c591	Vuln. Introduced
https://git.kernel.org/stable/c/c0e527c532a07556ca44642f5873b002c44da22c	Vuln. Introduced
https://git.kernel.org/stable/c/3e0d1585799d8a991eba9678f297fd78d9f1846e	Vuln. Introduced
https://git.kernel.org/stable/c/ffced26692f83212aa09d0ece0213b23cc2f611d	Vuln. Introduced
https://git.kernel.org/stable/c/64b8bc7d5f1434c636a40bdcfcd42b278d1714be	Vuln. Introduced
https://git.kernel.org/stable/c/bd7de4734535140fda33240c2335a07fdab6f88e	Vuln. Introduced
https://git.kernel.org/stable/c/b10265532df7bc3666bc53261b7f03f0fd14b1c9	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/819fb41ae54960f66025802400c9d3935eef4042	2026-01-19
https://git.kernel.org/stable/c/ed2639414d43ba037f798eaf619e878309310451	2026-01-19
https://git.kernel.org/stable/c/1418c12cd3bba79dc56b57b61c99efe40f579981	2026-01-11
https://git.kernel.org/stable/c/9f6185a32496834d6980b168cffcccc2d6b17280	2026-01-11
https://git.kernel.org/stable/c/b409ba9e1e63ccf3ab4cc061e33c1f804183543e	2026-01-08
https://git.kernel.org/stable/c/92d900aac3a5721fb54f3328f1e089b44a861c38	2026-01-08
https://git.kernel.org/stable/c/6595beb40fb0ec47223d3f6058ee40354694c8e4	2025-12-30

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.206 < 5.10.248 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.206 < 5.10.248"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.146 < 5.15.198 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.146 < 5.15.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.70 < 6.1.160 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.70 < 6.1.160"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.9 < 6.6.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.9 < 6.6.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.12.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.12.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.18.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.18.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.19.304 Search vendor "Linux" for product "Linux Kernel" and version "4.19.304"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.4.266 Search vendor "Linux" for product "Linux Kernel" and version "5.4.266"		en		Affected