PT-2026-20440 · Linux · Linux Kernel

Published 2025-01-01 · Updated 2026-04-23 · CVE-2025-71231

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the crypto/iaa module related to an out-of-bounds index in the find_empty_iaa_compression_mode() function. A local variable, i, is initialized incorrectly, and if no empty compression mode is found, the function returns an invalid index (IAA_COMP_MODES_MAX), leading to an invalid array access in the add_iaa_compression_mode() function.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
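
The indexing pattern from the Description, as an added C model that is not the kernel's code. The table size `MODES_MAX`, the `modes` array, the helper names and the sign-only check in the caller are assumptions for illustration; the `-ERANGE` guard exists only so the model never performs the invalid access.

```c
#include <errno.h>
#include <stdio.h>

#define MODES_MAX 2                     /* assumed table size for this model */
static const char *modes[MODES_MAX];    /* NULL slot means "empty" */

/* Modeled flaw: the loop resets i, so the -EINVAL initializer never
 * survives and a full table yields MODES_MAX, one past the last slot. */
static int find_empty_buggy(void)
{
	int i = -EINVAL;

	for (i = 0; i < MODES_MAX; i++)
		if (!modes[i])
			break;
	return i;
}

/* Hardened form: "no free slot" is reported as a negative errno. */
static int find_empty_fixed(void)
{
	for (int i = 0; i < MODES_MAX; i++)
		if (!modes[i])
			return i;
	return -EINVAL;
}

/* Assumed caller: it rejects only negative indexes, so MODES_MAX
 * would pass that check and reach the array access. */
static int add_mode(const char *name, int (*find_empty)(void))
{
	int idx = find_empty();

	if (idx < 0)
		return idx;
	if (idx >= MODES_MAX)
		return -ERANGE;         /* model-only guard, see lead-in */
	modes[idx] = name;
	return idx;
}

int main(void)
{
	add_mode("a", find_empty_buggy);
	add_mode("b", find_empty_buggy);    /* table is now full */
	printf("buggy=%d fixed=%d\n", find_empty_buggy(), find_empty_fixed());
	return 0;
}
```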

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2025-71231
ECHO-2D34-23C7-211F
OPENSUSE-SU-2026:10387-1
OPENSUSE-SU-2026:20416-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:1041-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:1573-1
SUSE-SU-2026:20667-1
SUSE-SU-2026:20720-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21114-1
SUSE-SU-2026:21123-1
SUSE-SU-2026:21284-1

Affected Products

Linux Kernel