CVE-2025-71231
HIGH EPSS 1.9%
Published Feb 18, 2026 4mo ago · Modified Jun 17, 2026 1w ago
7.1 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode

The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned.

If no empty compression mode can be found, the function would return the out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid array access in add_iaa_compression_mode().

Fix both issues by returning either a valid index or -EINVAL.
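The failure mode described above, as an added user-space C model (not the kernel's source and not part of the original advisory). The table `modes`, its constructed size of 2, and the helpers `set_used` and `index_is_usable` are assumptions for illustration; the two lookup functions follow the pre-fix and post-fix behaviour as the description states it.

```c
#include <errno.h>
#include <stdio.h>
#define IAA_COMP_MODES_MAX 2   /* constructed size for this model */

/* Hypothetical stand-in for the driver's table; NULL means the slot is free. */
static const char *modes[IAA_COMP_MODES_MAX];

/* Occupy the first n slots and free the rest (hypothetical helper). */
static void set_used(int n)
{
    for (int i = 0; i < IAA_COMP_MODES_MAX; i++)
        modes[i] = (i < n) ? "in-use" : NULL;
}

/* Pre-fix shape per the description: the -EINVAL initialiser is dead, and a
 * full table falls out of the loop with i == IAA_COMP_MODES_MAX. */
static int find_empty_buggy(void)
{
    int i = -EINVAL;
    for (i = 0; i < IAA_COMP_MODES_MAX; i++)
        if (!modes[i])
            break;
    return i;
}

/* Post-fix shape: a valid index or -EINVAL, nothing else. */
static int find_empty_fixed(void)
{
    for (int i = 0; i < IAA_COMP_MODES_MAX; i++)
        if (!modes[i])
            return i;
    return -EINVAL;
}

/* Bounds check a caller needs before using the result as an array index. */
static int index_is_usable(int idx)
{
    return idx >= 0 && idx < IAA_COMP_MODES_MAX;
}

int main(void)
{
    for (int n = 0; n <= IAA_COMP_MODES_MAX; n++) {
        set_used(n);
        int b = find_empty_buggy();
        printf("used=%d buggy=%d usable=%d fixed=%d\n",
               n, b, index_is_usable(b), find_empty_fixed());
    }
    return 0;
}
```

With the table full, the pre-fix lookup returns a non-negative value one past the last slot, so a caller that only tests for a negative error code would index past the end of the array.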
CVSS Details
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
1.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-125 Out-of-bounds Read Memory Safety
Affected Products 3
References 4
- git.kernel.org https://git.kernel.org/stable/c/48329301969f6d21b2ef35f678e40f72b59eac94
- git.kernel.org https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847
- git.kernel.org https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067
- git.kernel.org https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60
Remediation
- git.kernel.org https://git.kernel.org/stable/c/48329301969f6d21b2ef35f678e40f72b59eac94
- git.kernel.org https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847
- git.kernel.org https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067
- git.kernel.org https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60