CVE-2025-71101 — Out-of-bounds Read in Linux
Severity
7.1HIGHNVD
EPSS
0.0%
top 95.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 13
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing
The hp_populate_*_elements_from_package() functions in the hp-bioscfg
driver contain out-of-bounds array access vulnerabilities.
These functions parse ACPI packages into internal data structures using
a for loop with index variable 'elem' that iterates through
enum_obj/integer_obj/order_obj/password_obj/string_obj arrays.
When processing multi-e…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2
Affected Packages15 packages
▶CVEListV5linux/linuxe6c7b3e15559699a30646dd45195549c7db447bd — cf7ae870560b988247a4bbbe5399edd326632680+4
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-r28f-pmvp-8355: In the Linux kernel, the following vulnerability has been resolved:
platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing↗2026-01-13
OSV▶
CVE-2025-71101: In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing T↗2026-01-13