CVE-2025-71197Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux

13 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.1%
top 83.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedFeb 4
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not account for this extra byte. The original code then allocated 'size' bytes and used strcpy() to copy 'buf', which always writes one byte past the allocated buffer since strcpy() copies until the NUL terminator at index 'siz

Affected Packages12 packages

Linuxlinux/linux_kernel5.8.05.10.249+5
Debianlinux/linux_kernel< 5.10.249-1+3
CVEListV5linux/linuxe2c94d6f572079511945e64537eb1218643f2e6849ff9b4b9deacbefa6654a0a2bcaf910c9de7e95+7
debiandebian/linux< linux 6.1.162-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.162-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2025-71197: In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed2026-02-04
OSV
w1: therm: Fix off-by-one buffer overflow in alarms_store2026-02-04
GHSA
GHSA-4c4g-c6q5-6cpq: In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passe2026-02-04

📋Vendor Advisories

8
Ubuntu
Linux kernel (HWE) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel vulnerabilities2026-04-16

🕵️Threat Intelligence

1
Wiz
CVE-2025-71197 Impact, Exploitability, and Mitigation Steps | Wiz