CVE-2025-71068
Description
In the Linux kernel, the following vulnerability has been resolved:
svcrdma: bound check rq_pages index in inline path
svc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without verifying rc_curpage stays within the allocated page array. Add guards before the first use and after advancing to a new page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing bounds check in the Linux kernel's svcrdma inline copy path allows out-of-bounds access to rq_pages, potentially leading to memory corruption or privilege escalation.
Root Cause
The svcrdma module's svc_rdma_copy_inline_range function accesses rqstp->rq_pages using an index rc_curpage without verifying it stays within the allocated page array. This oversight allows an out-of-bounds read or write if rc_curpage exceeds the array size [1].
Exploitation
An unauthenticated remote attacker with access to an NFS/RDMA service could potentially trigger this flaw by sending a specially crafted RDMA request that causes the inline copy path to increment rc_curpage beyond valid bounds. No special privileges beyond network access are required to reach the affected code [1].
Impact
Successful exploitation could lead to memory corruption, resulting in a system crash (denial of service) or, under the right conditions, privilege escalation. The severity is assessed as High with a CVSS v3 score of 7.8 [1].
Mitigation
The Linux kernel community has released patches that add bounds checking before the first use of rc_curpage and after advancing to a new page. These fixes are included in stable kernel updates [1]. Users should apply the latest updates from their distribution to remediate the vulnerability.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
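A simplified user-space model of the two guards the description calls for, added here as an illustration; it is not the kernel patch. Only rq_pages and rc_curpage are taken from the CVE text; the model_* names, rc_pageoff, the 16-byte page size and the 4-page array are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* rq_pages and rc_curpage are from the CVE text; every other name is hypothetical. */
#define MODEL_PAGE_SIZE 16u /* tiny "page" keeps the sample small */
#define MODEL_MAX_PAGES 4u  /* length of the allocated page array */

struct model_rqst { unsigned char *rq_pages[MODEL_MAX_PAGES]; };
struct model_ctxt { unsigned int rc_curpage, rc_pageoff; };

/* Copy len bytes into consecutive pages; -EINVAL if the index leaves the array. */
static int model_copy_inline_range(struct model_rqst *rqstp, struct model_ctxt *head,
                                   const unsigned char *src, size_t len)
{
    /* Guard 1: validate the index (and offset) before the first use. */
    if (head->rc_curpage >= MODEL_MAX_PAGES ||
        head->rc_pageoff >= MODEL_PAGE_SIZE)
        return -EINVAL;
    while (len > 0) {
        size_t room = MODEL_PAGE_SIZE - head->rc_pageoff;
        size_t n = len < room ? len : room;
        memcpy(rqstp->rq_pages[head->rc_curpage] + head->rc_pageoff, src, n);
        src += n;
        len -= n;
        head->rc_pageoff += (unsigned int)n;
        if (head->rc_pageoff == MODEL_PAGE_SIZE) {
            head->rc_curpage++;
            head->rc_pageoff = 0;
            /* Guard 2: re-check after advancing to a new page. */
            if (len > 0 && head->rc_curpage >= MODEL_MAX_PAGES)
                return -EINVAL;
        }
    }
    return 0;
}

/* Constructed driver: start at start_page, copy len bytes of zeroed sample data. */
static int model_try_copy(unsigned int start_page, size_t len)
{
    static unsigned char backing[MODEL_MAX_PAGES][MODEL_PAGE_SIZE];
    static const unsigned char sample[2 * MODEL_MAX_PAGES * MODEL_PAGE_SIZE];
    struct model_rqst rqstp;
    struct model_ctxt head = { start_page, 0 };
    for (unsigned int i = 0; i < MODEL_MAX_PAGES; i++)
        rqstp.rq_pages[i] = backing[i];
    return len > sizeof(sample) ? -EINVAL : model_copy_inline_range(&rqstp, &head, sample, len);
}
```

In this model a copy that exactly fills the last page succeeds, and the next call is rejected by the first guard because the index now equals the array length.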
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=5.11,<5.15.198)
- cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*
References
- git.kernel.org/stable/c/5f140b525180c628db8fa6c897f138194a2de417 (nvd, Patch)
- git.kernel.org/stable/c/7ba826aae1d43212f3baa53a2175ad949e21926e (nvd, Patch)
- git.kernel.org/stable/c/a22316f5e9a29e4b92030bd8fb9435fe0eb1d5c9 (nvd, Patch)
- git.kernel.org/stable/c/d1bea0ce35b6095544ee82bb54156fc62c067e58 (nvd, Patch)
- git.kernel.org/stable/c/da1ccfc4c452541584a4eae89e337cfa21be6d5a (nvd, Patch)