What is CVE-2025-71096?

CVE-2025-71096 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, affecting Linux kernel versions from 4.7 onward and patched in 5.10.248, 5.15.198, 6.1.160 and others. CVE-2025-71096 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-71096?

CVE-2025-71096 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2025-71096?

Yes, CVE-2025-71096 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.160 and others. If you are running Linux kernel 4.7 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-71096 actively exploited?

CVE-2025-71096 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-71096

Medium

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call nla_parse_deprecated() to fill the nlattrs array and then directly index that array to get the data for the DGID. Just fail if it is NULL. Remove the for loop searching for the nla, and squash the validation and parsing into one function. Fixes an uninitialized read from the stack triggered by userspace if it does not provide the DGID to a kernel initiated RDMA_NL_LS_OP_IP_RESOLVE query. BUG: KMSAN: uninit-value in hex_byte_pack include/linux/hex.h:13 [inline] BUG: KMSAN: uninit-value in ip6_string+0xef4/0x13a0 lib/vsprintf.c:1490 hex_byte_pack include/linux/hex.h:13 [inline] ip6_string+0xef4/0x13a0 lib/vsprintf.c:1490 ip6_addr_string+0x18a/0x3e0 lib/vsprintf.c:1509 ip_addr_string+0x245/0xee0 lib/vsprintf.c:1633 pointer+0xc09/0x1bd0 lib/vsprintf.c:2542 vsnprintf+0xf8a/0x1bd0 lib/vsprintf.c:2930 vprintk_store+0x3ae/0x1530 kernel/printk/printk.c:2279 vprintk_emit+0x307/0xcd0 kernel/printk/printk.c:2426 vprintk_default+0x3f/0x50 kernel/printk/printk.c:2465 vprintk+0x36/0x50 kernel/printk/printk_safe.c:82 _printk+0x17e/0x1b0 kernel/printk/printk.c:2475 ib_nl_process_good_ip_rsep drivers/infiniband/core/addr.c:128 [inline] ib_nl_handle_ip_res_resp+0x963/0x9d0 drivers/infiniband/core/addr.c:141 rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:-1 [inline] rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0xefa/0x11c0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline] netlink_unicast+0xf04/0x12b0 net/netlink/af_netlink.c:1346 netlink_sendmsg+0x10b3/0x1250 net/netlink/af_netlink.c:1896 sock_sendmsg_nosec net/socket.c:714 [inline] __sock_sendmsg+0x333/0x3d0 net/socket.c:729 ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2617 ___sys_sendmsg+0x271/0x3b0 net/socket.c:2671 __sys_sendmsg+0x1aa/0x300 net/socket.c:2703 __compat_sys_sendmsg net/compat.c:346 [inline] __do_compat_sys_sendmsg net/compat.c:353 [inline] __se_compat_sys_sendmsg net/compat.c:350 [inline] __ia32_compat_sys_sendmsg+0xa4/0x100 net/compat.c:350 ia32_sys_call+0x3f6c/0x4310 arch/x86/include/generated/asm/syscalls_32.h:371 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0xb0/0x150 arch/x86/entry/syscall_32.c:306 do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:3

Package Linux Kernel

Published 2026-01-13

Last modified 2026-03-25

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-908

CVE-2025-71096 is classified as CWE-908

See CWE-908 on MITRE CWE for full details on this weakness type.

Affected versions

Linux kernel versions 4.7 and later are affected. Fixed in 5.10.248, 5.15.198, 6.1.160, 6.6.120, 6.12.64, 6.18.4, 6.19 and their respective stable series.

Affected from

≥ 4.7

Fixed in

✓ 5.10.248 5.10.x ✓ 5.15.198 5.15.x ✓ 6.1.160 6.1.x ✓ 6.6.120 6.6.x ✓ 6.12.64 6.12.x ✓ 6.18.4 6.18.x ✓ 6.19

References

The following references provide additional information about CVE-2025-71096 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0b948afc1ded88b3562c893114387f34389eeb94
Patch
Kernel patch commit
https://git.kernel.org/stable/c/376f46c8983458ead26cac83aa897a0b78491831
Patch
Kernel patch commit
https://git.kernel.org/stable/c/45532638de5da24c201aa2a9b3dd4b054064de7b
Patch

7 patch commits total View all on NVD

Details

CVE ID CVE-2025-71096

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2026-01-13

Modified 2026-03-25

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2025-71096?

CVE-2025-71096 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 4.7 onward and has been patched in 5.10.248, 5.15.198, 6.1.160 and others. CVE-2025-71096 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2025-71096?

CVE-2025-71096 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2025-71096?

Yes — CVE-2025-71096 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.160 and others. If you are running Linux kernel 4.7 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-71096 actively exploited?

No — CVE-2025-71096 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.