CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: avoid invalid read in irdma_net_event
irdma_net_event() should not dereference anything from "neigh" (alias
"ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE.
Other events come with different structures pointed to by "ptr" and they
may be smaller than struct neighbour.
Move the read of neigh->dev under the NETEVENT_NEIGH_UPDATE case.
The bug is mostly harmless, but it triggers KASAN on debug kernels:
BUG: KASAN: stack-out-of-bounds in irdma_net_event+0x32e/0x3b0 [irdma]
Read of size 8 at addr ffffc900075e07f0 by task kworker/27:2/542554
CPU: 27 PID: 542554 Comm: kworker/27:2 Kdump: loaded Not tainted 5.14.0-630.el9.x86_64+debug #1
Hardware name: [...]
Workqueue: events rt6_probe_deferred
Call Trace:
<IRQ>
dump_stack_lvl+0x60/0xb0
print_address_description.constprop.0+0x2c/0x3f0
print_report+0xb4/0x270
kasan_report+0x92/0xc0
irdma_net_event+0x32e/0x3b0 [irdma]
notifier_call_chain+0x9e/0x180
atomic_notifier_call_chain+0x5c/0x110
rt6_do_redirect+0xb91/0x1080
tcp_v6_err+0xe9b/0x13e0
icmpv6_notify+0x2b2/0x630
ndisc_redirect_rcv+0x328/0x530
icmpv6_rcv+0xc16/0x1360
ip6_protocol_deliver_rcu+0xb84/0x12e0
ip6_input_finish+0x117/0x240
ip6_input+0xc4/0x370
ipv6_rcv+0x420/0x7d0
__netif_receive_skb_one_core+0x118/0x1b0
process_backlog+0xd1/0x5d0
__napi_poll.constprop.0+0xa3/0x440
net_rx_action+0x78a/0xba0
handle_softirqs+0x2d4/0x9c0
do_softirq+0xad/0xe0
</IRQ>
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue is an invalid memory read in the RDMA irdma network event handler. The source says the bug is mostly harmless and mainly triggers KASAN reports on debug kernels. There is no CVSS score, CWE, or KEV evidence of active exploitation in the provided sources.
Executive priority
Treat this as a low-urgency kernel maintenance item unless your environment relies on RDMA/irdma or debug kernels. No active exploitation is evidenced, but affected systems should receive normal vendor kernel updates.
Technical view
irdma_net_event dereferenced ptr as struct neighbour before confirming the event was NETEVENT_NEIGH_UPDATE. Other netevent types can pass different, smaller structures, causing a stack out-of-bounds read. The fix moves neigh->dev access under the NETEVENT_NEIGH_UPDATE case.
Likely exposure
Exposure is most relevant to Linux systems running affected kernel versions where RDMA/irdma code is present or loaded. The source lists affected Linux kernel lines from 5.14 through versions before fixed stable releases, but package-level distribution impact is not provided.
Exploitation context
The provided record does not claim active exploitation, public exploit availability, privilege requirements, or remote attackability. KEV is false. The included trace shows a KASAN detection path involving IPv6 network events on a debug kernel.
Researcher notes
The vulnerability is a type confusion-style invalid read caused by early dereference of a netevent pointer before event-type validation. Impact evidence is limited to KASAN stack out-of-bounds reporting; confidentiality, integrity, and availability effects are not established in the bundle.
Mitigation direction
Check Linux vendor or distribution advisories for fixed kernel packages.
Update to a kernel containing the referenced stable commits when available.
Prioritize debug, test, and RDMA-enabled Linux systems for review.
Avoid assuming exploitability without vendor or kernel maintainer guidance.
Validation and detection
Inventory Linux kernel versions against the affected ranges in the CVE record.
Check whether the irdma module or related RDMA functionality is present or loaded.
Review kernel logs for KASAN or irdma_net_event stack out-of-bounds reports.
Confirm deployed kernels include one of the referenced stable fixes.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2025-71133 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.