CVE-2025-71101

HIGH EPSS 1.9%
Published Jan 13, 20265mo ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published Jan 13, 2026 5mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. These functions parse ACPI packages into internal data structures using a for loop with index variable 'elem' that iterates through enum_obj/integer_obj/order_obj/password_obj/string_obj arrays. When processing multi-element fields like PREREQUISITES and ENUM_POSSIBLE_VALUES, these functions read multiple consecutive array elements using expressions like 'enum_obj[elem + reqs]' and 'enum_obj[elem + pos_values]' within nested loops. The bug is that the bounds check only validated elem, but did not consider the additional offset when accessing elem + reqs or elem + pos_values. The fix changes the bounds check to validate the actual accessed index.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥6.6.1  –  <6.6.120
linuxlinux_kernel*≥6.7  –  <6.12.64
linuxlinux_kernel*≥6.13  –  <6.18.4
linuxlinux_kernel6.6any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/79cab730dbaaac03b946c7f5681bd08c986e2abd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cf7ae870560b988247a4bbbe5399edd326632680
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db4c26adf7117b1a4431d1197ae7109fee3230ad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e44c42c830b7ab36e3a3a86321c619f24def5206
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/79cab730dbaaac03b946c7f5681bd08c986e2abd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cf7ae870560b988247a4bbbe5399edd326632680
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db4c26adf7117b1a4431d1197ae7109fee3230ad
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e44c42c830b7ab36e3a3a86321c619f24def5206
    Patch