Cyber Resilience

CVE-2025-71101

High

Published: 13 January 2026
Modified: 25 March 2026
CVSS v3.1 Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0001 (1.5th percentile)
Risk Priority: 14 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-71101 is a high-severity out-of-bounds read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks at the 1.5th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-71101 is an out-of-bounds array access vulnerability (CWE-125) in the Linux kernel's platform/x86 hp-bioscfg driver. The issue affects functions such as hp_populate_*_elements_from_package(), which parse ACPI packages into internal data structures. These functions use a for loop with index 'elem' to iterate through arrays like enum_obj, integer_obj, and others, but when handling multi-element fields such as PREREQUISITES and ENUM_POSSIBLE_VALUES, they access elements via offsets (e.g., enum_obj[elem + reqs] or enum_obj[elem + pos_values]) without validating the full index, leading to potential out-of-bounds reads.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), achieving high impacts on confidentiality (C:H) and availability (A:H) in the unchanged security scope (S:U), but no integrity impact (I:N). The CVSS v3.1 base score is 7.1. Exploitation requires local access to the system running the vulnerable kernel.

Mitigation is available via patches in Linux kernel stable releases, which update the bounds checks in the affected functions to validate the actual accessed indices, including offsets. Relevant commits include: https://git.kernel.org/stable/c/79cab730dbaaac03b946c7f5681bd08c986e2abd, https://git.kernel.org/stable/c/cf7ae870560b988247a4bbbe5399edd326632680, https://git.kernel.org/stable/c/db4c26adf7117b1a4431d1197ae7109fee3230ad, and https://git.kernel.org/stable/c/e44c42c830b7ab36e3a3a86321c619f24def5206.

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing

The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. These functions parse ACPI packages into internal data structures using a for loop with index variable 'elem' that iterates through enum_obj/integer_obj/order_obj/password_obj/string_obj arrays. When processing multi-element fields like PREREQUISITES and ENUM_POSSIBLE_VALUES, these functions read multiple consecutive array elements using expressions like 'enum_obj[elem + reqs]' and 'enum_obj[elem + pos_values]' within nested loops.

The bug is that the bounds check only validated elem, but did not consider the additional offset when accessing elem + reqs or elem + pos_values. The fix changes the bounds check to validate the actual accessed index.
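The difference between checking 'elem' and checking 'elem + reqs' is shown below as an added user-space example; it is not the hp-bioscfg driver's code. The names parse_reqs, parse_flawed, parse_fixed, MAX_REQS, GUARD and the sample package are assumptions made for illustration, and the backing array is padded so that the flawed read can be observed without touching unowned memory.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_REQS 4
#define GUARD 0x5A5A5A5A /* models memory lying past the logical package */

struct result { int reqs[MAX_REQS]; int stored; int past_end; };

/* Constructed sample: 4 logical elements, but element 1 claims 3 prerequisites
 * starting at element 2. Slots 4..7 stand in for adjacent memory. */
static const int SAMPLE[8] = { 0, 3, 11, 12, GUARD, GUARD, GUARD, GUARD };
static const size_t SAMPLE_COUNT = 4;

/* check_offset == 0: test only 'elem' (the flawed check the page describes).
 * check_offset == 1: test the index actually accessed, 'elem + reqs'. */
static int parse_reqs(const int *obj, size_t count, size_t elem, int size,
                      int check_offset, struct result *r)
{
    r->stored = r->past_end = 0;
    if (size > MAX_REQS)
        size = MAX_REQS;
    for (int reqs = 0; reqs < size; reqs++) {
        size_t idx = elem + (size_t)reqs;
        if ((check_offset ? idx : elem) >= count)
            return -1;              /* malformed package: stop parsing */
        if (idx >= count)
            r->past_end++;          /* this read left the logical package */
        r->reqs[r->stored++] = obj[idx];
    }
    return 0;
}

static int parse_flawed(const int *o, size_t n, size_t e, int s, struct result *r)
{ return parse_reqs(o, n, e, s, 0, r); }

static int parse_fixed(const int *o, size_t n, size_t e, int s, struct result *r)
{ return parse_reqs(o, n, e, s, 1, r); }

int main(void)
{
    struct result r;
    int rc = parse_flawed(SAMPLE, SAMPLE_COUNT, 2, SAMPLE[1], &r);
    printf("flawed: rc=%d stored=%d past_end=%d\n", rc, r.stored, r.past_end);
    rc = parse_fixed(SAMPLE, SAMPLE_COUNT, 2, SAMPLE[1], &r);
    printf("fixed:  rc=%d stored=%d past_end=%d\n", rc, r.stored, r.past_end);
    return 0;
}
```

With the flawed check the parser reports success while one stored value comes from beyond the package; with the corrected check it rejects the package before that read.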

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

An out-of-bounds read in a kernel driver enables local, low-privilege exploitation for credential or memory disclosure (T1212) or system denial of service (T1499.004); a potential escalation path exists despite the unchanged scope (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23076 · Same product: Linux Kernel
CVE-2025-71136 · Same product: Linux Kernel
CVE-2026-31528 · Same product: Linux Kernel
CVE-2024-57982 · Same product: Linux Kernel
CVE-2025-21743 · Same product: Linux Kernel
CVE-2026-31774 · Same product: Linux Kernel
CVE-2026-23325 · Same product: Linux Kernel
CVE-2025-21815 · Same product: Linux Kernel
CVE-2026-31779 · Same product: Linux Kernel
CVE-2026-43051 · Same product: Linux Kernel

Affected Assets

linux
linux kernel
6.19, 6.6 · 6.6.1 — 6.6.120 · 6.7 — 6.12.64 · 6.13 — 6.18.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires validation of all input data (ACPI packages) and computed indices before array access, which is exactly the missing check that caused the OOB read.

prevent

Mandates timely application of patches that correct the flawed bounds checks in hp_populate_*_elements_from_package().

prevent

Provides memory-protection mechanisms that can limit the impact of out-of-bounds reads in kernel drivers.
