CVE-2025-71101

EPSS 0.03%
Veröffentlicht 13.01.2026 15:34:59
Zuletzt bearbeitet 14.01.2026 16:26:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing

The hp_populate_*_elements_from_package() functions in the hp-bioscfg
driver contain out-of-bounds array access vulnerabilities.

These functions parse ACPI packages into internal data structures using
a for loop with index variable 'elem' that iterates through
enum_obj/integer_obj/order_obj/password_obj/string_obj arrays.

When processing multi-element fields like PREREQUISITES and
ENUM_POSSIBLE_VALUES, these functions read multiple consecutive array
elements using expressions like 'enum_obj[elem + reqs]' and
'enum_obj[elem + pos_values]' within nested loops.

The bug is that the bounds check only validated elem, but did not consider
the additional offset when accessing elem + reqs or elem + pos_values.

The fix changes the bounds check to validate the actual accessed index.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < cf7ae870560b988247a4bbbe5399edd326632680

Version e6c7b3e15559699a30646dd45195549c7db447bd

Status affected

Version < db4c26adf7117b1a4431d1197ae7109fee3230ad

Version e6c7b3e15559699a30646dd45195549c7db447bd

Status affected

Version < 79cab730dbaaac03b946c7f5681bd08c986e2abd

Version e6c7b3e15559699a30646dd45195549c7db447bd

Status affected

Version < e44c42c830b7ab36e3a3a86321c619f24def5206

Version e6c7b3e15559699a30646dd45195549c7db447bd

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.6

Status affected

Version < 6.6

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.4

Status unaffected

Version <= *

Version 6.19-rc4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.068

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/cf7ae870560b988247a4bbbe5399edd326632680

https://git.kernel.org/stable/c/db4c26adf7117b1a4431d1197ae7109fee3230ad

https://git.kernel.org/stable/c/79cab730dbaaac03b946c7f5681bd08c986e2abd

https://git.kernel.org/stable/c/e44c42c830b7ab36e3a3a86321c619f24def5206

https://nvd.nist.gov/vuln/detail/CVE-2025-71101

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71101

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71101

EUVD