CVE-2025-71306
Awaiting Analysis Awaiting Analysis - Queue
Stack Out-of-Bounds in Linux Kernel IMA

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec() KASAN reported a stack-out-of-bounds access in ima_appraise_measurement from is_bprm_creds_for_exec: BUG: KASAN: stack-out-of-bounds in ima_appraise_measurement+0x12dc/0x16a0 Read of size 1 at addr ffffc9000160f940 by task sudo/550 The buggy address belongs to stack of task sudo/550 and is located at offset 24 in frame: ima_appraise_measurement+0x0/0x16a0 This frame has 2 objects: [48, 56) 'file' [80, 148) 'hash' This is caused by using container_of on the *file pointer. This offset calculation is what triggers the stack-out-of-bounds error. In order to fix this, pass in a bprm_is_check boolean which can be set depending on how process_measurement is called. If the caller has a linux_binprm pointer and the function is BPRM_CHECK we can determine is_check and set it then. Otherwise set it to false.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-71306
EUVD
EUVD-2025-209970
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack-out-of-bounds error in the Linux kernel's Integrity Measurement Architecture (IMA) component, specifically in the function is_bprm_creds_for_exec().

The error occurs because of incorrect use of the container_of macro on a file pointer, which leads to an invalid offset calculation and causes the program to read beyond the allocated stack memory.

This was detected by the Kernel Address Sanitizer (KASAN) tool, which reported a stack-out-of-bounds access during the execution of ima_appraise_measurement.

The fix involves passing a boolean flag (bprm_is_check) to correctly determine how the process_measurement function is called, preventing the erroneous offset calculation and thus avoiding the out-of-bounds access.

Impact Analysis

This vulnerability involves a stack-out-of-bounds access in the Linux kernel's IMA (Integrity Measurement Architecture) component, specifically in the function is_bprm_creds_for_exec. Such a flaw can potentially lead to memory corruption, which might cause system instability, crashes, or could be exploited to execute arbitrary code with kernel privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71306. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart