CVE-2025-71137

HIGH

Linux Kernel 5.6.0-6.18.4 - Out-of-bounds Write in octeontx2-pf RX Ring Size Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users passes small or zero ring sizes via ethtool -G.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/b23a2e15589466a027c9baa3fb5813c9f6a6c6dc

Patch

https://git.kernel.org/stable/c/5d8dfa3abb9a845302e021cf9c92d941abbc011a

Patch

https://git.kernel.org/stable/c/4cc4cfe4d23c883120b6f3d41145edbaa281f2ab

Patch

https://git.kernel.org/stable/c/658caf3b8aad65f8b8e102670ca4f68c7030f655

Patch

https://git.kernel.org/stable/c/aa743b0d98448282b2cb37356db8db2a48524624

Patch

https://git.kernel.org/stable/c/442848e457f5a9f71a4e7e14d24d73dae278ebe3

Patch

https://git.kernel.org/stable/c/85f4b0c650d9f9db10bda8d3acfa1af83bf78cf7

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 6.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (25)

linux/Kernel 5.11.0 - 5.15.198linux

linux/Kernel 5.16.0 - 6.1.160linux

linux/Kernel 5.6.0 - 5.10.248linux

linux/Kernel 6.13.0 - 6.18.4linux

linux/Kernel 6.2.0 - 6.6.120linux

linux/Kernel 6.7.0 - 6.12.64linux

Linux/Linux < 5.6

Linux/Linux 5.10.248 - 5.10.*

Linux/Linux 5.15.198 - 5.15.*

Linux/Linux 5.6

... and 15 more

Published Jan 14, 2026

Tracked Since Feb 18, 2026