CVE-2025-71137Out-of-bounds Write in Linux

CWE-787Out-of-bounds WriteCWE-190Integer Overflow or Wraparound30 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
LinuxLinux KernelDebian Linux+11 more
Timeline
PublishedJan 14
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users passes small or zero ring sizes via ethtool -G.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages17 packages

Linuxlinux/linux_kernel5.6.05.10.248+5
NVDlinux/linux_kernel5.6.15.10.248+7
Debianlinux/linux_kernel< 5.10.249-1+3
Ubuntulinux/linux_kernel< 5.15.0-173.183
CVEListV5linux/linuxd45d8979840d9c9ac93d3fe8cfc8e794b72284455d8dfa3abb9a845302e021cf9c92d941abbc011a+7

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

10
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-intel-iot-realtime vulnerabilities2026-03-23
OSV
linux-nvidia-tegra-igx vulnerabilities2026-03-23
OSV
linux-realtime vulnerabilities2026-03-17
OSV
linux-aws-5.15, linux-gcp-5.15, linux-gke, linux-hwe-5.15, linux-intel-iotg-5.15, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities2026-03-17

📋Vendor Advisories

18
Ubuntu
Linux kernel (GCP) vulnerabilities2026-04-17
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17

🕵️Threat Intelligence

1
Wiz
CVE-2025-71137 Impact, Exploitability, and Mitigation Steps | Wiz