{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-71231", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-02-18T14:25:13.845Z", "datePublished": "2026-02-18T14:53:15.668Z", "dateUpdated": "2026-05-11T21:56:52.247Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:56:52.247Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode\n\nThe local variable 'i' is initialized with -EINVAL, but the for loop\nimmediately overwrites it and -EINVAL is never returned.\n\nIf no empty compression mode can be found, the function would return the\nout-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid\narray access in add_iaa_compression_mode().\n\nFix both issues by returning either a valid index or -EINVAL."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/intel/iaa/iaa_crypto_main.c"], "versions": [{"version": "b190447e0fa3ef7355480d641d078962e03768b4", "lessThan": "c77b33b58512708bd5603f48465f018c8b748847", "status": "affected", "versionType": "git"}, {"version": "b190447e0fa3ef7355480d641d078962e03768b4", "lessThan": "d75207465eed20bc9b0daa4a0927de9568996067", "status": "affected", "versionType": "git"}, {"version": "b190447e0fa3ef7355480d641d078962e03768b4", "lessThan": "de16f5bca05cace238d237791ed1b6e9d22dab60", "status": "affected", "versionType": "git"}, {"version": "b190447e0fa3ef7355480d641d078962e03768b4", "lessThan": "48329301969f6d21b2ef35f678e40f72b59eac94", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/crypto/intel/iaa/iaa_crypto_main.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.72", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.11", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.1", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.12.72"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.18.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.19.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847"}, {"url": "https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067"}, {"url": "https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60"}, {"url": "https://git.kernel.org/stable/c/48329301969f6d21b2ef35f678e40f72b59eac94"}], "title": "crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "220B7804-F3AB-442E-BC98-09F0FFCF6295", "versionEndExcluding": "6.12.72", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7099A9EC-3D54-4424-BF01-7224EF88C79C", "versionEndExcluding": "6.18.11", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE543C0D-A06B-414F-A403-CB1E088F261E", "versionEndExcluding": "6.19.1", "versionStartIncluding": "6.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode\n\nThe local variable 'i' is initialized with -EINVAL, but the for loop\nimmediately overwrites it and -EINVAL is never returned.\n\nIf no empty compression mode can be found, the function would return the\nout-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid\narray access in add_iaa_compression_mode().\n\nFix both issues by returning either a valid index or -EINVAL."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad:\n\ncrypto: iaa - Correcci\u00f3n de \u00edndice fuera de l\u00edmites en find_empty_iaa_compression_mode\n\nLa variable local 'i' se inicializa con -EINVAL, pero el bucle for la sobrescribe inmediatamente y -EINVAL nunca se devuelve.\n\nSi no se encuentra ning\u00fan modo de compresi\u00f3n vac\u00edo, la funci\u00f3n devolver\u00eda el \u00edndice fuera de l\u00edmites IAA_COMP_MODES_MAX, lo que causar\u00eda un acceso a array inv\u00e1lido en add_iaa_compression_mode().\n\nSe corrigen ambos problemas devolviendo un \u00edndice v\u00e1lido o -EINVAL."}], "id": "CVE-2025-71231", "lastModified": "2026-03-18T17:18:21.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-18T16:22:29.863", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/48329301969f6d21b2ef35f678e40f72b59eac94"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode", "id": "2440660", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440660"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-71231", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-71231\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-71231\nhttps://lore.kernel.org/linux-cve-announce/2026021805-CVE-2025-71231-5cc3@gregkh/T"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,c77b33b58512708bd5603f48465f018c8b748847)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,d75207465eed20bc9b0daa4a0927de9568996067)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,de16f5bca05cace238d237791ed1b6e9d22dab60)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.72,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.11,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.1,6.20.0)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-20T17:27:52.742359+00:00", "value": {"mitigation_remediation": ["Upgrade the kernel to a version that contains the iaa out\u2011of\u2011bounds index fix or apply the specific patch commit to the source tree", "Reboot the system to load the updated kernel and verify the new IAAs code is active", "If immediate patching is not possible, disable or blacklist the affected IAA compression modules until the fix is applied"], "summary": {"action": "Apply patch", "impact": "Kernel memory corruption leading to potential crash"}, "threat_synthesis": {"affected_systems": "All Linux kernel releases prior to the patch commit that introduces the fix are affected. The exact range of affected versions is not listed, but any kernel containing the unpatched iaa implementation and the find_empty_iaa_compression_mode routine may suffer from this flaw.", "description_and_impact": "The vulnerability lies in the crypto IAAs module of the Linux kernel, where the function find_empty_iaa_compression_mode can return the constant IAA_COMP_MODES_MAX instead of a valid index when no empty mode is found. This out\u2011of\u2011bounds index is then used in add_iaa_compression_mode, causing an invalid array access that may corrupt kernel memory or trigger a kernel panic, effectively denying service to the affected system. The weakness is a classic out\u2011of\u2011bounds read, classified as CWE\u2011125.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a moderate-to-severe risk. The EPSS score of less than 1% suggests low exploitation probability in the wild at the time of analysis. The vulnerability is not listed in CISA KEV, implying no known active exploitation. Attacks would most likely require local or privileged access to trigger the faulty path and induce the kernel crash, as no remote vector is described. Thus, the threat is primarily a local denial\u2011of\u2011service scenario."}}}}, "created": "2026-02-19T10:11:56.978409+00:00", "updated": "2026-04-20T17:30:12.657820+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}