Cyber Resilience

CVE-2025-71137

High

Published: 14 January 2026

Published
14 January 2026
Modified
25 March 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 6.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-71137 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-71137 is a shift-out-of-bounds error in the octeontx2-pf driver within the Linux kernel. The issue arises when users set the RX ring size (rx_pending) below the permitted length, such as small or zero values, via the ethtool -G command. This triggers a UBSAN shift-out-of-bounds error, classified under CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation leads to high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system disruption within the affected kernel context.

Mitigation involves applying the relevant stable kernel patches, as detailed in the commit references: https://git.kernel.org/stable/c/442848e457f5a9f71a4e7e14d24d73dae278ebe3, https://git.kernel.org/stable/c/4cc4cfe4d23c883120b6f3d41145edbaa281f2ab, https://git.kernel.org/stable/c/5d8dfa3abb9a845302e021cf9c92d941abbc011a, https://git.kernel.org/stable/c/658caf3b8aad65f8b8e102670ca4f68c7030f655, and https://git.kernel.org/stable/c/85f4b0c650d9f9db10bda8d3acfa1af83bf78cf7. These patches ensure the RX ring size is not set below the minimum permitted length.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users passes small…

more

or zero ring sizes via ethtool -G.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel out-of-bounds write in network driver enables privilege escalation via crafted ethtool command leading to arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31772Same product: Linux Linux Kernel
CVE-2026-23378Same product: Linux Linux Kernel
CVE-2026-31494Same product: Linux Linux Kernel
CVE-2025-21735Same product: Linux Linux Kernel
CVE-2025-21650Same product: Linux Linux Kernel
CVE-2024-52319Same product: Linux Linux Kernel
CVE-2024-58003Same product: Linux Linux Kernel
CVE-2026-23343Same product: Linux Linux Kernel
CVE-2026-23092Same product: Linux Linux Kernel
CVE-2026-43500Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.6, 6.19 · 5.6.1 — 5.10.248 · 5.11 — 5.15.198 · 5.16 — 6.1.160

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the CVE by requiring identification, testing, and deployment of kernel patches that fix the shift-out-of-bounds error in the octeontx2-pf driver.

prevent

Requires validation of user inputs like RX ring size (rx_pending) via ethtool to prevent setting values below permitted lengths that trigger out-of-bounds shifts.

prevent

Mandates graceful error handling for invalid RX ring sizes to avoid exploitable shift-out-of-bounds conditions in the kernel driver.

References