Severity
7.1 HIGH
EPSS
0.0%
top 96.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 18

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can be found, the function would return the out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid array access in add_iaa_compression_mode(). Fix both issues by returning either a valid

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages: 3 packages

NVD | linux/linux_kernel | 6.8, 6.12.72 | +2
CVEListV5 | linux/linux | b190447e0fa3ef7355480d641d078962e03768b4, c77b33b58512708bd5603f48465f018c8b748847 | +4
Debian | linux | < 6.12.73-1 | +1

Patches

🔴Vulnerability Details

3
GHSA
GHSA-mx4x-pxgm-r77w: In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The loc | 2026-02-18
CVEList
crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode | 2026-02-18
OSV
CVE-2025-71231: In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local | 2026-02-18

📋Vendor Advisories

3
Red Hat
kernel: Linux kernel: Denial of Service due to out-of-bounds index in IAA crypto module | 2026-02-18
Microsoft
crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode | 2026-02-10
Debian
CVE-2025-71231: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: iaa... | 2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-71231 Impact, Exploitability, and Mitigation Steps | Wiz