DEBIAN-CVE-2025-71133

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-71133
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-71133.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-71133
Upstream
Downstream
Published
2026-01-14T15:16:03.053Z
Modified
2026-02-09T21:32:26.347059Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdmanetevent irdmanetevent() should not dereference anything from "neigh" (alias "ptr") until it has checked that the event is NETEVENTNEIGHUPDATE. Other events come with different structures pointed to by "ptr" and they may be smaller than struct neighbour. Move the read of neigh->dev under the NETEVENTNEIGHUPDATE case. The bug is mostly harmless, but it triggers KASAN on debug kernels: BUG: KASAN: stack-out-of-bounds in irdmanetevent+0x32e/0x3b0 [irdma] Read of size 8 at addr ffffc900075e07f0 by task kworker/27:2/542554 CPU: 27 PID: 542554 Comm: kworker/27:2 Kdump: loaded Not tainted 5.14.0-630.el9.x8664+debug #1 Hardware name: [...] Workqueue: events rt6probedeferred Call Trace: <IRQ> dumpstacklvl+0x60/0xb0 printaddressdescription.constprop.0+0x2c/0x3f0 printreport+0xb4/0x270 kasanreport+0x92/0xc0 irdmanetevent+0x32e/0x3b0 [irdma] notifiercallchain+0x9e/0x180 atomicnotifiercallchain+0x5c/0x110 rt6doredirect+0xb91/0x1080 tcpv6err+0xe9b/0x13e0 icmpv6notify+0x2b2/0x630 ndiscredirectrcv+0x328/0x530 icmpv6rcv+0xc16/0x1360 ip6protocoldeliverrcu+0xb84/0x12e0 ip6inputfinish+0x117/0x240 ip6input+0xc4/0x370 ipv6rcv+0x420/0x7d0 _netifreceiveskbonecore+0x118/0x1b0 processbacklog+0xd1/0x5d0 _napipoll.constprop.0+0xa3/0x440 netrxaction+0x78a/0xba0 handlesoftirqs+0x2d4/0x9c0 do_softirq+0xad/0xe0 </IRQ>

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.162-1

Affected versions

6.*
6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.1.112-1
6.1.115-1
6.1.119-1
6.1.123-1
6.1.124-1
6.1.128-1
6.1.129-1
6.1.133-1
6.1.135-1
6.1.137-1
6.1.139-1
6.1.140-1
6.1.147-1
6.1.148-1
6.1.153-1
6.1.158-1
6.1.159-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-71133.json"

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.69-1

Affected versions

6.*
6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.12.57-1~bpo12+1
6.12.57-1
6.12.63-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-71133.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.18.5-1

Affected versions

6.*
6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.12.57-1~bpo12+1
6.12.57-1
6.12.63-1
6.12.69-1
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1
6.16.3-1~bpo13+1
6.16.3-1
6.16.5-1
6.16.6-1
6.16.7-1
6.16.8-1
6.16.9-1
6.16.10-1
6.16.11-1
6.16.12-1~bpo13+1
6.16.12-1
6.16.12-2
6.17.2-1~exp1
6.17.5-1~exp1
6.17.6-1
6.17.7-1
6.17.7-2
6.17.8-1~bpo13+1
6.17.8-1
6.17.9-1
6.17.10-1
6.17.11-1
6.17.12-1
6.17.13-1~bpo13+1
6.17.13-1
6.18~rc4-1~exp1
6.18~rc4-1~exp2
6.18~rc5-1~exp1
6.18~rc6-1~exp1
6.18~rc7-1~exp1
6.18.1-1~exp1
6.18.2-1~exp1
6.18.3-1
6.18.5-1~bpo13+1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-71133.json"