Description

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can be found, the function would return the out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid array access in add_iaa_compression_mode(). Fix both issues by returning either a valid index or -EINVAL.

INFO

Published Date :

2026-02-18T14:53:15.668Z

Last Modified :

2026-02-23T03:16:10.782Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-71231 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-71231.

URL Resource
https://git.kernel.org/stable/c/48329301969f6d21b2ef35f678e40f72b59eac94 cve-icon cve-icon
https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847 cve-icon cve-icon
https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067 cve-icon cve-icon
https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026021805-CVE-2025-71231-5cc3@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-71231 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-71231 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact