CVE-2025-71143
Published: 14 January 2026
Summary
CVE-2025-71143 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 4.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires timely remediation of the array-index-out-of-bounds flaw in the Linux kernel's Exynos clkout driver by applying the specified upstream patches.
Vulnerability scanning identifies systems running vulnerable Linux kernel versions affected by CVE-2025-71143 through version checks and CVE databases.
Ensures organizations receive and act on kernel security advisories reporting CVE-2025-71143 to facilitate flaw detection and patching.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Kernel out-of-bounds access in local driver enables arbitrary code execution for privilege escalation from low-privileged local context.
NVD Description
In the Linux kernel, the following vulnerability has been resolved:
clk: samsung: exynos-clkout: Assign .num before accessing .hws
Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS) about the number of elements in .hws[], so that it can warn when .hws[] is accessed out of bounds. As noted in that change, the __counted_by member must be initialized with the number of elements before the first array access happens, otherwise there will be a warning from each access prior to the initialization because the number of elements is zero.
This occurs in exynos_clkout_probe() due to .num being assigned after .hws[] has been accessed:
    UBSAN: array-index-out-of-bounds in drivers/clk/samsung/clk-exynos-clkout.c:178:18
    index 0 is out of range for type 'clk_hw *[*]'
Move the .num initialization to before the first access of .hws[], clearing up the warning.
Deeper analysis
CVE-2025-71143 is an array-index-out-of-bounds vulnerability in the Linux kernel's Samsung Exynos clock output driver, specifically in the exynos_clkout_probe() function within drivers/clk/samsung/clk-exynos-clkout.c. The issue arises because the .num field in struct clk_hw_onecell_data is assigned after the .hws[] array has been accessed, leading to a UBSAN_BOUNDS warning on index 0 access when the array count is still zero. This stems from a prior commit annotating .hws with __counted_by, which enforces bounds checking. The vulnerability is classified under CWE-129 (Improper Validation of Array Index) with a CVSS v3.1 base score of 7.8.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), in a local attack vector (AV:L) with unchanged scope (S:U). Successful exploitation could result in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution or system compromise within the kernel context where the driver is loaded.
Mitigation involves applying the upstream kernel patches referenced in the stable git commits, such as a317f63255ebc3dac378c79c5bff4f8d0561c290, cf33f0b7df13685234ccea7be7bfe316b60db4db, eb1f3a6ab3efee2b52361879cdc2dc6b11f499c0, and fbf57f5e453dadadb3d29b2d1dbe067e3dc4e236. These patches reorder the initialization to assign .num before any .hws[] access, resolving the bounds violation. Security practitioners should update affected Linux kernels, particularly those using Samsung Exynos hardware, to the patched versions.
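The ordering problem and its fix, as a userspace model added here (not code from the kernel driver or its patches): checked_store() emulates the rule UBSAN_BOUNDS applies to a __counted_by array, and struct hw, struct onecell_model and model_probe() are hypothetical names.

```c
/* Added userspace model, not the kernel driver; names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
struct hw { int id; };                 /* stand-in for struct clk_hw */

/* Same shape as struct clk_hw_onecell_data: a count plus a flexible array
 * that the kernel annotates with __counted_by(num). */
struct onecell_model {
    unsigned int num;
    struct hw *hws[];
};

static unsigned int reports;           /* emulated UBSAN_BOUNDS reports */

/* Sanitizer rule: idx must be < num at the time of the access. */
static void checked_store(struct onecell_model *d, unsigned int idx, struct hw *h)
{
    if (idx >= d->num)
        reports++;                     /* "index N is out of range" */
    d->hws[idx] = h;                   /* slot exists in this model's allocation */
}

/* early_num != 0: set .num before the first .hws[] access (patched order).
 * early_num == 0: set .num afterwards (order described in the advisory).
 * Returns the number of flagged accesses, or -1 on bad input/allocation. */
int model_probe(int early_num, unsigned int nclks)
{
    static struct hw pool[8];
    struct onecell_model *d;
    unsigned int i;

    if (nclks > 8 || !(d = calloc(1, sizeof(*d) + nclks * sizeof(d->hws[0]))))
        return -1;
    reports = 0;
    if (early_num)
        d->num = nclks;
    for (i = 0; i < nclks; i++)
        checked_store(d, i, &pool[i]);
    if (!early_num)
        d->num = nclks;                /* too late: every store was flagged */
    free(d);
    return (int)reports;
}

int main(void)
{
    printf("late .num:  %d report(s)\n", model_probe(0, 1));
    printf("early .num: %d report(s)\n", model_probe(1, 1));
    return 0;
}
```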
Details
- CWE(s)