PT-2026-2897 · Linux+2 · Linux Kernel+2

Published: 2025-01-01 · Updated: 2026-05-11 · CVE-2025-71136

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the adv7842_cp_log_status() function related to potential out-of-bounds array accesses. The issue arises because the cp_read() and hdmi_read() functions can return an error (-EIO) which is then used as an index to access arrays, potentially leading to a crash or other unexpected behavior. The fix involves checking the return values of these functions before using them as array indexes. This issue was discovered by the Linux Verification Center (linuxtesting.org) using SVACE.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
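
The pattern in the description, as an added user-space C example; it is not the kernel driver's code or the upstream patch. demo_read(), mode_txt, bus_fail and reg_value are hypothetical stand-ins, and the bounds check after the error check goes one step beyond the fix the description names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed lookup table, standing in for a driver's status strings. */
static const char * const mode_txt[] = { "auto", "limited", "full" };

/* Hypothetical bus state: nonzero bus_fail makes the next read fail. */
static int bus_fail;
static int reg_value = 2;

/* Stand-in for a read helper: register value on success, -EIO on error. */
static int demo_read(void)
{
	return bus_fail ? -EIO : reg_value;
}

/* Index the unchecked pattern would use: the raw return value.
 * Returned instead of dereferenced so the demo never reads out of bounds. */
static long unchecked_index(void)
{
	return demo_read();
}

/* Checked pattern: test the return value first, then bound the index. */
static const char *checked_lookup(void)
{
	int ret = demo_read();

	if (ret < 0)
		return "read error";
	if ((size_t)ret >= ARRAY_SIZE(mode_txt))
		return "unknown";
	return mode_txt[ret];
}

int main(void)
{
	bus_fail = 1;
	printf("unchecked index on failure: %ld\n", unchecked_index());
	printf("checked lookup on failure:  %s\n", checked_lookup());
	bus_fail = 0;
	printf("checked lookup on success:  %s\n", checked_lookup());
	return 0;
}
```

On a failed read the unchecked path would index the table with a negative value, while the checked path reports the error and never touches the array.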

Weakness Enumeration

Out of bounds Read
Unchecked Return Value

Related Identifiers

BDU:2026-01568
CVE-2025-71136
ECHO-A567-D0FC-1362
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0471-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8177-1
USN-8177-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8183-1
USN-8183-2
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8243-1
USN-8245-1
USN-8257-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu