CVE-2025-71197
Off-by-One Buffer Overflow in Linux Kernel w1 Therm Component
Publication date: 2026-02-04
Last updated on: 2026-02-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an off-by-one buffer overflow in the Linux kernel's w1 therm driver, specifically in the alarms_store function. The issue arises because the buffer passed to alarms_store() is allocated with 'size + 1' bytes to include a NUL terminator, but the 'size' argument does not account for this extra byte. The original code allocated only 'size' bytes and used strcpy() to copy the buffer, which copies until the NUL terminator, causing it to write one byte beyond the allocated buffer.
The fix involved changing the code to parse the input buffer directly using simple_strtoll() without allocating intermediate memory or copying strings, thereby removing the overflow and simplifying the code.
How can this vulnerability impact me? :
An off-by-one buffer overflow can potentially lead to memory corruption, which might be exploited by an attacker to cause a denial of service (system crash) or possibly execute arbitrary code with kernel privileges. This could compromise system stability and security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know