FKIE_CVE-2025-71133

Vulnerability from fkie_nvd - Published: 2026-01-14 15:16 - Updated: 2026-01-19 13:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdma_net_event irdma_net_event() should not dereference anything from "neigh" (alias "ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE. Other events come with different structures pointed to by "ptr" and they may be smaller than struct neighbour. Move the read of neigh->dev under the NETEVENT_NEIGH_UPDATE case. The bug is mostly harmless, but it triggers KASAN on debug kernels: BUG: KASAN: stack-out-of-bounds in irdma_net_event+0x32e/0x3b0 [irdma] Read of size 8 at addr ffffc900075e07f0 by task kworker/27:2/542554 CPU: 27 PID: 542554 Comm: kworker/27:2 Kdump: loaded Not tainted 5.14.0-630.el9.x86_64+debug #1 Hardware name: [...] Workqueue: events rt6_probe_deferred Call Trace: <IRQ> dump_stack_lvl+0x60/0xb0 print_address_description.constprop.0+0x2c/0x3f0 print_report+0xb4/0x270 kasan_report+0x92/0xc0 irdma_net_event+0x32e/0x3b0 [irdma] notifier_call_chain+0x9e/0x180 atomic_notifier_call_chain+0x5c/0x110 rt6_do_redirect+0xb91/0x1080 tcp_v6_err+0xe9b/0x13e0 icmpv6_notify+0x2b2/0x630 ndisc_redirect_rcv+0x328/0x530 icmpv6_rcv+0xc16/0x1360 ip6_protocol_deliver_rcu+0xb84/0x12e0 ip6_input_finish+0x117/0x240 ip6_input+0xc4/0x370 ipv6_rcv+0x420/0x7d0 __netif_receive_skb_one_core+0x118/0x1b0 process_backlog+0xd1/0x5d0 __napi_poll.constprop.0+0xa3/0x440 net_rx_action+0x78a/0xba0 handle_softirqs+0x2d4/0x9c0 do_softirq+0xad/0xe0 </IRQ>
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/305c02e541befe4a44ffde30ed374970f41aeb6c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6f05611728e9d0ab024832a4f1abb74a5f5d0bb0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bf197c7c79ef6458d1ee84dd7db251b51784885f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d9b9affd103f51b42322da4ed5ac025b560bc354
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/db93ae6fa66f1c61ae63400191195e3ee58021da
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fc23d05f0b3fb4d80657e7afebae2cae686b31c8
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: avoid invalid read in irdma_net_event\n\nirdma_net_event() should not dereference anything from \"neigh\" (alias\n\"ptr\") until it has checked that the event is NETEVENT_NEIGH_UPDATE.\nOther events come with different structures pointed to by \"ptr\" and they\nmay be smaller than struct neighbour.\n\nMove the read of neigh-\u003edev under the NETEVENT_NEIGH_UPDATE case.\n\nThe bug is mostly harmless, but it triggers KASAN on debug kernels:\n\n BUG: KASAN: stack-out-of-bounds in irdma_net_event+0x32e/0x3b0 [irdma]\n Read of size 8 at addr ffffc900075e07f0 by task kworker/27:2/542554\n\n CPU: 27 PID: 542554 Comm: kworker/27:2 Kdump: loaded Not tainted 5.14.0-630.el9.x86_64+debug #1\n Hardware name: [...]\n Workqueue: events rt6_probe_deferred\n Call Trace:\n  \u003cIRQ\u003e\n  dump_stack_lvl+0x60/0xb0\n  print_address_description.constprop.0+0x2c/0x3f0\n  print_report+0xb4/0x270\n  kasan_report+0x92/0xc0\n  irdma_net_event+0x32e/0x3b0 [irdma]\n  notifier_call_chain+0x9e/0x180\n  atomic_notifier_call_chain+0x5c/0x110\n  rt6_do_redirect+0xb91/0x1080\n  tcp_v6_err+0xe9b/0x13e0\n  icmpv6_notify+0x2b2/0x630\n  ndisc_redirect_rcv+0x328/0x530\n  icmpv6_rcv+0xc16/0x1360\n  ip6_protocol_deliver_rcu+0xb84/0x12e0\n  ip6_input_finish+0x117/0x240\n  ip6_input+0xc4/0x370\n  ipv6_rcv+0x420/0x7d0\n  __netif_receive_skb_one_core+0x118/0x1b0\n  process_backlog+0xd1/0x5d0\n  __napi_poll.constprop.0+0xa3/0x440\n  net_rx_action+0x78a/0xba0\n  handle_softirqs+0x2d4/0x9c0\n  do_softirq+0xad/0xe0\n  \u003c/IRQ\u003e"
    }
  ],
  "id": "CVE-2025-71133",
  "lastModified": "2026-01-19T13:16:19.490",
  "metrics": {},
  "published": "2026-01-14T15:16:03.053",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/305c02e541befe4a44ffde30ed374970f41aeb6c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6f05611728e9d0ab024832a4f1abb74a5f5d0bb0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bf197c7c79ef6458d1ee84dd7db251b51784885f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d9b9affd103f51b42322da4ed5ac025b560bc354"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/db93ae6fa66f1c61ae63400191195e3ee58021da"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/fc23d05f0b3fb4d80657e7afebae2cae686b31c8"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.