CVE-2025-71068
Published: 13 January 2026
Summary
CVE-2025-71068 is a high-severity vulnerability in the Linux kernel, with no specific weakness class assigned. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 1.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-71068 is a vulnerability in the Linux kernel's svcrdma component, specifically in the svc_rdma_copy_inline_range function used in the inline data path. The issue arises from indexing rqstp->rq_pages[rc_curpage] without verifying that rc_curpage remains within the bounds of the allocated page array, potentially leading to out-of-bounds access. This flaw has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with significant impacts on confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation could allow the attacker to read, modify, or corrupt kernel memory beyond the intended array bounds, potentially resulting in arbitrary code execution, privilege escalation, denial of service, or data leakage within the kernel context.
Mitigation is provided through kernel patches available in stable branches, as detailed in the following commit references:
- https://git.kernel.org/stable/c/5f140b525180c628db8fa6c897f138194a2de417
- https://git.kernel.org/stable/c/7ba826aae1d43212f3baa53a2175ad949e21926e
- https://git.kernel.org/stable/c/a22316f5e9a29e4b92030bd8fb9435fe0eb1d5c9
- https://git.kernel.org/stable/c/d1bea0ce35b6095544ee82bb54156fc62c067e58
- https://git.kernel.org/stable/c/da1ccfc4c452541584a4eae89e337cfa21be6d5a

These commits add bounds checks before the initial use of rc_curpage and after advancing to a new page, resolving the issue. Security practitioners should apply these updates to affected Linux kernel versions supporting svcrdma.
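The two-guard pattern described above, as an added example: this is a simplified userspace model written for this page, not the kernel's code or the upstream patch. The `model_*` names, the `maxpages` field and the 4 KiB page size are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u   /* assumption: 4 KiB pages */

/* Hypothetical stand-ins for the request and receive-context state. */
struct model_rqst {
    unsigned char **pages;      /* models rqstp->rq_pages */
    unsigned int    maxpages;   /* allocated entries in pages[] (assumed field) */
};
struct model_ctxt {
    unsigned int curpage;       /* models rc_curpage */
    unsigned int pageoff;       /* write offset inside the current page */
};

/* Copy len bytes of inline data into the page array, one page at a time.
 * Returns 0 on success, -EINVAL if the index would leave the array. */
int model_copy_inline_range(struct model_rqst *rq, struct model_ctxt *ctx,
                            const unsigned char *src, size_t len)
{
    /* Guard 1: validate the index (and, in this model, the offset) before first use. */
    if (ctx->curpage >= rq->maxpages || ctx->pageoff >= MODEL_PAGE_SIZE)
        return -EINVAL;

    while (len > 0) {
        size_t room = MODEL_PAGE_SIZE - ctx->pageoff;
        size_t n = len < room ? len : room;

        memcpy(rq->pages[ctx->curpage] + ctx->pageoff, src, n);
        src += n;
        len -= n;
        ctx->pageoff += (unsigned int)n;

        if (ctx->pageoff == MODEL_PAGE_SIZE) {
            ctx->curpage++;     /* advance to a new page */
            ctx->pageoff = 0;
            /* Guard 2: re-validate after advancing if data remains to be written. */
            if (len > 0 && ctx->curpage >= rq->maxpages)
                return -EINVAL;
        }
    }
    return 0;
}
```

Without the second guard, a range longer than the remaining pages would index one entry past the end of `pages[]` on the next loop iteration.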
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2279
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:

svcrdma: bound check rq_pages index in inline path

svc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without verifying rc_curpage stays within the allocated page array. Add guards before the first use and after advancing to a new page.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Local kernel out-of-bounds access in svcrdma enables direct privilege escalation and arbitrary code execution from low-privileged context.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) (AI)
- Directly requires bounds checking on array indices like rc_curpage before access in svc_rdma_copy_inline_range to prevent out-of-bounds kernel memory access.
- Mandates timely remediation through application of kernel patches that implement the missing bounds checks for this svcrdma vulnerability.
- Enforces memory protections such as kernel address space isolation and guard mechanisms to limit the impact of out-of-bounds access attempts.