CVE-2025-71085 — Reachable Assertion in Linux
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.0%
top 93.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 13
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
There exists a kernel oops caused by a BUG_ON(nhead INT_MAX
(i.e. (int)(skb_headroom(skb) + len_delta) skb_headroom(skb)) is meant to ensure
that delta = headroom - skb_headroom(skb) is never negative, otherwise
we will trigger a BUG_ON in pskb_expand_head(). However, if
headroom > INT_MAX and delta cmsg_len = cmsg_len;
cmsg->cmsg_level = IPPROTO_IPV6;
cmsg-…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages17 packages
▶CVEListV5linux/linux2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 — 86f365897068d09418488165a68b23cb5baa37f2+7
Patches
🔴Vulnerability Details
10OSV▶
linux-aws-5.15, linux-gcp-5.15, linux-gke, linux-hwe-5.15, linux-intel-iotg-5.15, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities↗2026-03-17
📋Vendor Advisories
18🕵️Threat Intelligence
1💬Community
1Bugzilla▶
CVE-2025-71085 kernel: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()↗2026-01-13