Cyber Resilience

CVE-2025-71068

High

Published: 13 January 2026

Published
13 January 2026
Modified
03 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-71068 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-71068 is a vulnerability in the Linux kernel's svcrdma component, specifically in the svc_rdma_copy_inline_range function used in the inline data path. The issue arises from indexing rqstp->rq_pages[rc_curpage] without verifying that rc_curpage remains within the bounds of the allocated page array, potentially leading to out-of-bounds access. This flaw has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with significant impacts on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation could allow the attacker to read, modify, or corrupt kernel memory beyond the intended array bounds, potentially resulting in arbitrary code execution, privilege escalation, denial of service, or data leakage within the kernel context.

Mitigation is provided through kernel patches available in stable branches, as detailed in the following commit references: https://git.kernel.org/stable/c/5f140b525180c628db8fa6c897f138194a2de417, https://git.kernel.org/stable/c/7ba826aae1d43212f3baa53a2175ad949e21926e, https://git.kernel.org/stable/c/a22316f5e9a29e4b92030bd8fb9435fe0eb1d5c9, https://git.kernel.org/stable/c/d1bea0ce35b6095544ee82bb54156fc62c067e58, and https://git.kernel.org/stable/c/da1ccfc4c452541584a4eae89e337cfa21be6d5a. These commits add bounds checks before the initial use of rc_curpage and after advancing to a new page, resolving the issue. Security practitioners should apply these updates to affected Linux kernel versions supporting svcrdma.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: svcrdma: bound check rq_pages index in inline path svc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without verifying rc_curpage stays within the allocated page array. Add guards before the first use and after advancing to…

more

a new page.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel out-of-bounds access in svcrdma enables direct privilege escalation and arbitrary code execution from low-privileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152Same product: Linux Linux Kernel
CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-23387Same product: Linux Linux Kernel
CVE-2025-21856Same product: Linux Linux Kernel
CVE-2025-21727Same product: Linux Linux Kernel
CVE-2026-23275Same product: Linux Linux Kernel
CVE-2026-31401Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-23437Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.19 · 5.11 — 5.15.198 · 6.0 — 6.6.120 · 6.12 — 6.12.64

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires bounds checking on array indices like rc_curpage before access in svc_rdma_copy_inline_range to prevent out-of-bounds kernel memory access.

prevent

Mandates timely remediation through application of kernel patches that implement the missing bounds checks for this svcrdma vulnerability.

prevent

Enforces memory protections such as kernel address space isolation and guard mechanisms to limit the impact of out-of-bounds access attempts.

References