Out-of-bounds Read Affecting kernel-modules-extra-matched package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL10-KERNELMODULESEXTRAMATCHED-14972711
- published16 Jan 2026
- disclosed1 Jan 2025
Introduced: 1 Jan 2025
CVE-2025-71098 (opens in a new tab)How to fix?
There is no fixed version for RHEL:10 kernel-modules-extra-matched.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-modules-extra-matched package and not the kernel-modules-extra-matched package as distributed by RHEL.
See How to fix? for RHEL:10 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
ip6_gre: make ip6gre_header() robust
Over the years, syzbot found many ways to crash the kernel in ip6gre_header() [1].
This involves team or bonding drivers ability to dynamically change their dev->needed_headroom and/or dev->hard_header_len
In this particular crash mld_newpack() allocated an skb with a too small reserve/headroom, and by the time mld_sendpack() was called, syzbot managed to attach an ip6gre device.
[1] skbuff: skb_under_panic: text:ffffffff8a1d69a8 len:136 put:40 head:ffff888059bc7000 data:ffff888059bc6fe8 tail:0x70 end:0x6c0 dev:team0 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:213 ! <TASK> skb_under_panic net/core/skbuff.c:223 [inline] skb_push+0xc3/0xe0 net/core/skbuff.c:2641 ip6gre_header+0xc8/0x790 net/ipv6/ip6_gre.c:1371 dev_hard_header include/linux/netdevice.h:3436 [inline] neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618 neigh_output include/net/neighbour.h:556 [inline] ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136 __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline] ip6_finish_output+0x234/0x7d0 net/ipv6/ip6_output.c:220 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247 NF_HOOK+0x9e/0x380 include/linux/netfilter.h:318 mld_sendpack+0x8d4/0xe60 net/ipv6/mcast.c:1855 mld_send_cr net/ipv6/mcast.c:2154 [inline] mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2429095
- https://access.redhat.com/security/cve/CVE-2025-71098
- https://git.kernel.org/stable/c/1717357007db150c2d703f13f5695460e960f26c
- https://git.kernel.org/stable/c/5fe210533e3459197eabfdbf97327dacbdc04d60
- https://git.kernel.org/stable/c/91a2b25be07ce1a7549ceebbe82017551d2eec92
- https://git.kernel.org/stable/c/adee129db814474f2f81207bd182bf343832a52e
- https://git.kernel.org/stable/c/db5b4e39c4e63700c68a7e65fc4e1f1375273476
- https://git.kernel.org/stable/c/17e7386234f740f3e7d5e58a47b5847ea34c3bc2
- https://git.kernel.org/stable/c/41a1a3140aff295dee8063906f70a514548105e8