Zero Day Monitor (ZDM)
7.8
CVE-2025-71086 · PATCHED
linux · linux_kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

net: rose: fix invalid array index in rose_kill_by_device()

rose_kill_by_device() collects sockets into a local array[] and then iterates over them to disconnect sockets bound to a device being brought down.

The loop mistakenly indexes array[cnt] instead of array[i]. For cnt < ARRAY_SIZE(array), this reads an uninitialized entry; for cnt == ARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to an invalid socket pointer dereference and also leaks references taken via sock_hold().

Fix the index to use i.

Affected Products

Vendor | Product | Versions
linux | linux_kernel | < 4.20, < 5.5, < 5.10.248, < 5.15.198, < 6.1.160, < 6.6.120, < 6.12.64, < 6.18.4

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
amazon | amazon linux | cert_advisory | 90%
canonical | ubuntu linux | cert_advisory | 90%
debian | debian linux | cert_advisory | 90%
ibm | ibm qradar siem | cert_advisory | 90%
open source | open source linux kernel | cert_advisory | 90%

References

  • https://git.kernel.org/stable/c/1418c12cd3bba79dc56b57b61c99efe40f579981 (Patch)
  • https://git.kernel.org/stable/c/6595beb40fb0ec47223d3f6058ee40354694c8e4 (Patch)
  • https://git.kernel.org/stable/c/819fb41ae54960f66025802400c9d3935eef4042 (Patch)
  • https://git.kernel.org/stable/c/92d900aac3a5721fb54f3328f1e089b44a861c38 (Patch)
  • https://git.kernel.org/stable/c/9f6185a32496834d6980b168cffcccc2d6b17280 (Patch)
  • https://git.kernel.org/stable/c/b409ba9e1e63ccf3ab4cc061e33c1f804183543e (Patch)
  • https://git.kernel.org/stable/c/ed2639414d43ba037f798eaf619e878309310451 (Patch)

Related News (5 articles)

Tier B · CERT-FR · 15h ago
Multiple vulnerabilities in the Ubuntu Linux kernel (10 April 2026)
→ No new info (linked only)

Tier B · CERT-FR · 7d ago
Multiple vulnerabilities in the Ubuntu Linux kernel (03 April 2026)
→ No new info (linked only)

Tier B · BSI Advisories · 8d ago
[UPDATE] [high] Linux Kernel: Multiple vulnerabilities
→ No new info (linked only)

Tier B · CERT-FR · 14d ago
Multiple vulnerabilities in the SUSE Linux kernel (27 March 2026)
→ No new info (linked only)

Tier B · CERT-FR · 14d ago
Multiple vulnerabilities in the Ubuntu Linux kernel (27 March 2026)
→ No new info (linked only)

CVSS 3.1: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 4.20, 5.5, 5.10.248, 5.15.198, 6.1.160, 6.6.120, 6.12.64, 6.18.4
CWE: CWE-129
Published: Jan 13, 2026
Last enriched: 8d ago
Trending Score: 38
Source articles: 5
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-23406 · EXP
apparmor: fix side-effect bug in match_char() macro usage
Trending: 64

HIGH · CVE-2026-23400 · EXP
In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done() without proc lock Consider the following sequence of events on a death listener: 1. The
Trending: 62

HIGH · CVE-2026-31412 · EXP
usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks()
Trending: 62

HIGH · CVE-2026-23398 · EXP
In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_d
Trending: 59

HIGH · CVE-2026-23001
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan
Trending: 39

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Jan 13, 2026
Patch Available: Mar 25, 2026
Discovered by ZDM: Apr 1, 2026