CVE-2025-71133
Published: 14 January 2026
Summary
CVE-2025-71133 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 4.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Local OOB read enables kernel memory disclosure (T1005) and system crashes via notifier chain triggering (T1499.004).
NVD Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/irdma: avoid invalid read in irdma_net_event

irdma_net_event() should not dereference anything from "neigh" (alias "ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE. Other events come with different structures pointed to by "ptr" and they may be smaller than struct neighbour.

Move the read of neigh->dev under the NETEVENT_NEIGH_UPDATE case.

The bug is mostly harmless, but it triggers KASAN on debug kernels:

  BUG: KASAN: stack-out-of-bounds in irdma_net_event+0x32e/0x3b0 [irdma]
  Read of size 8 at addr ffffc900075e07f0 by task kworker/27:2/542554

  CPU: 27 PID: 542554 Comm: kworker/27:2 Kdump: loaded Not tainted 5.14.0-630.el9.x86_64+debug #1
  Hardware name: [...]
  Workqueue: events rt6_probe_deferred
  Call Trace:
   <IRQ>
   dump_stack_lvl+0x60/0xb0
   print_address_description.constprop.0+0x2c/0x3f0
   print_report+0xb4/0x270
   kasan_report+0x92/0xc0
   irdma_net_event+0x32e/0x3b0 [irdma]
   notifier_call_chain+0x9e/0x180
   atomic_notifier_call_chain+0x5c/0x110
   rt6_do_redirect+0xb91/0x1080
   tcp_v6_err+0xe9b/0x13e0
   icmpv6_notify+0x2b2/0x630
   ndisc_redirect_rcv+0x328/0x530
   icmpv6_rcv+0xc16/0x1360
   ip6_protocol_deliver_rcu+0xb84/0x12e0
   ip6_input_finish+0x117/0x240
   ip6_input+0xc4/0x370
   ipv6_rcv+0x420/0x7d0
   __netif_receive_skb_one_core+0x118/0x1b0
   process_backlog+0xd1/0x5d0
   __napi_poll.constprop.0+0xa3/0x440
   net_rx_action+0x78a/0xba0
   handle_softirqs+0x2d4/0x9c0
   do_softirq+0xad/0xe0
   </IRQ>
Deeper analysis (AI)
CVE-2025-71133 is a vulnerability in the Linux kernel's RDMA/irdma subsystem, specifically an invalid read in the irdma_net_event() function. The issue occurs when the function dereferences a pointer aliasing a "neigh" structure before verifying that the net event is NETEVENT_NEIGH_UPDATE; other events pass different, potentially smaller structures via the same pointer. This leads to an out-of-bounds read (CWE-125), which is mostly harmless in production but triggers KASAN stack-out-of-bounds errors on debug kernels, as seen in traces from IPv6 redirect processing.
A local attacker with low privileges (PR:L) can exploit this with low complexity (AC:L) and no user interaction, achieving high confidentiality (C:H) and availability (A:H) impacts but no integrity effects (CVSS 7.1, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H). Exploitation requires local access to trigger affected kernel notifier chains, such as those from rt6_do_redirect or icmpv6_rcv during IPv6 processing, potentially allowing sensitive data disclosure or system crashes via the out-of-bounds access.
Mitigation involves applying upstream kernel patches from the referenced stable commits, including 305c02e541befe4a44ffde30ed374970f41aeb6c, 6f05611728e9d0ab024832a4f1abb74a5f5d0bb0, bf197c7c79ef6458d1ee84dd7db251b51784885f, d9b9affd103f51b42322da4ed5ac025b560bc354, and db93ae6fa66f1c61ae63400191195e3ee58021da. These fixes relocate the neigh->dev read under the NETEVENT_NEIGH_UPDATE case to prevent premature dereferencing.
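The bug pattern and the shape of the fix described above, as an added userspace illustration in C; it is not the irdma driver's code or the upstream patch. All types, event names and field layouts (model_neigh, model_redirect, MODEL_REDIRECT and so on) are simplified assumptions standing in for the kernel's structures.

```c
#include <stddef.h>
#include <stdio.h>
/* Userspace model: all types and names are simplified stand-ins, not kernel code. */
enum model_event { MODEL_NEIGH_UPDATE = 1, MODEL_REDIRECT = 2 };
struct model_dev { int ifindex; };
struct model_neigh { char pad[64]; struct model_dev *dev; }; /* NEIGH_UPDATE payload */
struct model_redirect { void *old_dst, *new_dst; };          /* smaller, other event */

/* Pre-fix shape: loads neigh->dev before the event type is known. */
int handler_before_fix(unsigned long event, void *ptr)
{
    struct model_neigh *neigh = ptr;
    struct model_dev *dev = neigh->dev;  /* premature read */
    switch (event) {
    case MODEL_NEIGH_UPDATE: return dev ? dev->ifindex : -1;
    default:                 return 0;
    }
}

/* Post-fix shape: ptr is read as a neighbour only inside the matching case. */
int handler_after_fix(unsigned long event, void *ptr)
{
    struct model_neigh *neigh = ptr;     /* the cast alone reads nothing */
    switch (event) {
    case MODEL_NEIGH_UPDATE: return neigh->dev ? neigh->dev->ifindex : -1;
    default:                 return 0;   /* payload untouched for other events */
    }
}

/* 1 if the pre-fix load would end past the end of a model_redirect payload. */
int prefix_read_overruns_redirect(void)
{
    return offsetof(struct model_neigh, dev) + sizeof(void *) > sizeof(struct model_redirect);
}

/* Deliver one constructed event to the fixed handler, as a notifier chain would. */
int deliver(unsigned long event)
{
    struct model_dev d = { 7 };
    struct model_neigh n = { {0}, &d };
    struct model_redirect r = { 0, 0 };
    return handler_after_fix(event, event == MODEL_NEIGH_UPDATE ? (void *)&n : (void *)&r);
}

int main(void)
{
    printf("%d %d %d\n", prefix_read_overruns_redirect(), deliver(MODEL_NEIGH_UPDATE), deliver(MODEL_REDIRECT));
    return 0;
}
```

handler_before_fix is shown for comparison only and is never called with the smaller payload, since that load would be undefined behaviour in userspace just as it is an out-of-bounds read in the kernel.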
Details
- CWE(s)