AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-71093: In the Linux kernel, the following vulnerability has been resolved: e1000: fix OOB in e1000_tbi_should_accept() In e10

infovulnerability

security

Source: NVD/CVE DatabaseJanuary 13, 2026CVE-2025-71093

Summary

A vulnerability (OOB, or out-of-bounds memory access, where code reads memory it shouldn't) exists in the Linux kernel's e1000 network driver in the e1000_tbi_should_accept() function. When processing incoming network data, the function tries to read the last byte of a frame without checking if the reported frame length is valid, potentially accessing memory outside the allocated buffer and crashing the system.

Solution / Mitigation

The fix rejects frames early if the length is zero or exceeds adapter->rx_buffer_len before attempting to read the last byte. This prevents the out-of-bounds read while preserving the TBI workaround (a workaround for a hardware quirk) for valid frames.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationModerate

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-71093

First tracked: February 15, 2026 at 08:36 PM

Classified by LLM (prompt v3) · confidence: 95%