CVE-2025-71231 - Vulnerability Details

- crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode

The local variable 'i' is initialized with -EINVAL, but the for loop
immediately overwrites it and -EINVAL is never returned.

If no empty compression mode can be found, the function would return the
out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid
array access in add_iaa_compression_mode().

Fix both issues by returning either a valid index or -EINVAL.

Published: 2026-02-18

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability lies in the crypto IAAs module of the Linux kernel, where the function find_empty_iaa_compression_mode can return the constant IAA_COMP_MODES_MAX instead of a valid index when no empty mode is found. This out‑of‑bounds index is then used in add_iaa_compression_mode, causing an invalid array access that may corrupt kernel memory or trigger a kernel panic, effectively denying service to the affected system. The weakness is a classic out‑of‑bounds read, classified as CWE‑125.

Affected Systems

All Linux kernel releases prior to the patch commit that introduces the fix are affected. The exact range of affected versions is not listed, but any kernel containing the unpatched iaa implementation and the find_empty_iaa_compression_mode routine may suffer from this flaw.

Risk and Exploitability

The CVSS score of 7.1 indicates a moderate-to-severe risk. The EPSS score of less than 1% suggests low exploitation probability in the wild at the time of analysis. The vulnerability is not listed in CISA KEV, implying no known active exploitation. Attacks would most likely require local or privileged access to trigger the faulty path and induce the kernel crash, as no remote vector is described. Thus, the threat is primarily a local denial‑of‑service scenario.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`b190447e0fa3ef7355480d641d078962e03768b4`	affected	< c77b33b58512708bd5603f48465f018c8b748847
`b190447e0fa3ef7355480d641d078962e03768b4`	affected	< d75207465eed20bc9b0daa4a0927de9568996067
`b190447e0fa3ef7355480d641d078962e03768b4`	affected	< de16f5bca05cace238d237791ed1b6e9d22dab60
`b190447e0fa3ef7355480d641d078962e03768b4`	affected	< 48329301969f6d21b2ef35f678e40f72b59eac94

Linux

affected

Version	Status	Constraints
`6.8`	affected	—
`0`	unaffected	< 6.8
`6.12.72`	unaffected	≤ 6.12.*
`6.18.11`	unaffected	≤ 6.18.*
`6.19.1`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,c77b33b58512708bd5603f48465f018c8b748847)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,d75207465eed20bc9b0daa4a0927de9568996067)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,de16f5bca05cace238d237791ed1b6e9d22dab60)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.12.72,6.13.0)`	unaffected	semver	—
`[6.18.11,6.19.0)`	unaffected	semver	—
`[6.19.1,6.20.0)`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the kernel to a version that contains the iaa out‑of‑bounds index fix or apply the specific patch commit to the source tree
Reboot the system to load the updated kernel and verify the new IAAs code is active
If immediate patching is not possible, disable or blacklist the affected IAA compression modules until the fix is applied

Generated by OpenCVE AI on April 20, 2026 at 17:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6141-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/48329301969f6d21b2ef35f678e40f72b59eac94
https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847
https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067
https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60
https://lore.kernel.org/linux-cve-announce/2026021805-CVE-2025-71231-5cc3@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71231
https://www.cve.org/CVERecord?id=CVE-2025-71231

History

Wed, 18 Mar 2026 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}`

Mon, 23 Feb 2026 03:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/48329301969f6d21b2ef35f678e40f72b59eac94

Thu, 19 Feb 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026021805-CVE-2025-71231-5cc3@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71231 https://www.cve.org/CVERecord?id=CVE-2025-71231
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Wed, 18 Feb 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can be found, the function would return the out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid array access in add_iaa_compression_mode(). Fix both issues by returning either a valid index or -EINVAL.
Title		crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847 https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067 https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-18T14:53:15.668Z

Updated: 2026-04-13T06:02:18.937Z

Reserved: 2026-02-18T14:25:13.845Z

Link: CVE-2025-71231

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-02-18T16:22:29.863

Modified: 2026-03-18T17:18:21.553

Link: CVE-2025-71231

Redhat

Severity : Important

Publid Date: 2026-02-18T00:00:00Z

Links: CVE-2025-71231 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T17:30:12Z

Weaknesses

CWE-125

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object