CVE-2025-71197

w1: therm: Fix off-by-one buffer overflow in alarms_store

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1'
bytes and a NUL terminator is appended. However, the 'size' argument
does not account for this extra byte. The original code then allocated
'size' bytes and used strcpy() to copy 'buf', which always writes one
byte past the allocated buffer since strcpy() copies until the NUL
terminator at index 'size'. Fix this by parsing the 'buf' parameter directly using simple_strtoll()
without allocating any intermediate memory or string copying. This
removes the overflow while simplifying the code.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.162-1.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-01-31 CVE Reserved
2026-02-04 CVE Published
2026-02-09 CVE Updated
2026-03-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/e2c94d6f572079511945e64537eb1218643f2e68	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/49ff9b4b9deacbefa6654a0a2bcaf910c9de7e95	2026-02-06
https://git.kernel.org/stable/c/060b08d72a38b158a7f850d4b83c17c2969e0f6b	2026-02-06
https://git.kernel.org/stable/c/b3fc3e1f04dcc7c41787bbf08a6e0d2728e022cf	2026-02-06
https://git.kernel.org/stable/c/6a5820ecfa5a76c3d3e154802c8c15f391ef442e	2026-01-30
https://git.kernel.org/stable/c/6fd6d2a8e41b7f544a4d26cbd60bedf9c67893a0	2026-01-30
https://git.kernel.org/stable/c/e6b2609af21b5cccc9559339591b8a2cbf884169	2026-01-30
https://git.kernel.org/stable/c/761fcf46a1bd797bd32d23f3ea0141ffd437668a	2025-12-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.8 < 5.10.249 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 5.10.249"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.8 < 5.15.199 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 5.15.199"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.8 < 6.1.162 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 6.1.162"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.8 < 6.6.122 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 6.6.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.8 < 6.12.68 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 6.12.68"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.8 < 6.18.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 6.18.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.8 < 6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 6.19"		en		Affected