CVE-2025-71231
Published: 18 February 2026
Summary
CVE-2025-71231 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). It ranks at the 4.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
CVE-2025-71231 is a vulnerability in the Linux kernel's crypto/iaa subsystem, specifically in the find_empty_iaa_compression_mode function. The issue arises because the local variable 'i' is initialized to -EINVAL but immediately overwritten by a for loop, preventing the error code from being returned. If no empty compression mode is found, the function returns the out-of-bounds index IAA_COMP_MODES_MAX, leading to an invalid array access in add_iaa_compression_mode(). This out-of-bounds read is classified under CWE-125 and carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H). The vulnerability was published on 2026-02-18.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows reading of sensitive data (high confidentiality impact) and disruption of system availability (high availability impact), such as through denial of service via kernel crashes, while integrity remains unaffected.
Mitigation is provided through upstream kernel patches. Relevant fixes are available in the following stable kernel commits: https://git.kernel.org/stable/c/48329301969f6d21b2ef35f678e40f72b59eac94, https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847, https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067, and https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60. Security practitioners should apply these patches to affected Linux kernel versions supporting the IAA crypto driver.
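The index bug and the shape of the fix described above, as a user-space model added here for illustration (not the kernel source or the upstream patch). The names find_empty_mode_flawed, find_empty_mode_fixed and add_mode, the table size of 4, and the bounds check in the caller are assumptions of this model; the check exists only so the model can show the bad index without performing the invalid access.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed size for this model, not the kernel's value. */
#define IAA_COMP_MODES_MAX 4

struct iaa_compression_mode { const char *name; };
static struct iaa_compression_mode *iaa_compression_modes[IAA_COMP_MODES_MAX];

/* Flawed pattern: the -EINVAL initializer is dead because the loop resets i. */
static int find_empty_mode_flawed(void)
{
    int i = -EINVAL;

    for (i = 0; i < IAA_COMP_MODES_MAX; i++)
        if (!iaa_compression_modes[i])
            break;
    return i; /* full table: IAA_COMP_MODES_MAX, one past the last slot */
}

/* Corrected pattern: returns a valid index or -EINVAL, nothing else. */
static int find_empty_mode_fixed(void)
{
    for (int i = 0; i < IAA_COMP_MODES_MAX; i++)
        if (!iaa_compression_modes[i])
            return i;
    return -EINVAL;
}

/* Caller model (hypothetical): bounds-checks the index before using it. */
static int add_mode(int (*find)(void), struct iaa_compression_mode *mode)
{
    int idx = find();
    if (idx < 0)
        return idx;         /* error from the finder */
    if (idx >= IAA_COMP_MODES_MAX)
        return -ERANGE;     /* the index that would be an invalid access */
    iaa_compression_modes[idx] = mode;
    return idx;
}

int main(void)
{
    static struct iaa_compression_mode m = { "constructed-mode" };

    while (add_mode(find_empty_mode_fixed, &m) >= 0)
        ;                   /* fill every slot */
    printf("flawed=%d fixed=%d\n", find_empty_mode_flawed(), find_empty_mode_fixed());
}
```

With every slot occupied, the flawed finder reports the table size as if it were a usable index, while the corrected finder reports -EINVAL and the caller's existing error path handles it.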
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207667
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can be found, the function would return the out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid array access in add_iaa_compression_mode(). Fix both issues by returning either a valid index or -EINVAL.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
OOB read enables local kernel memory disclosure (T1005); invalid access triggers kernel panic/DoS (T1499.004).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires applying the upstream kernel patches that correct the index initialization and out-of-bounds return in find_empty_iaa_compression_mode.
Least-functionality principle allows disabling the iaa crypto driver entirely when IAA compression is not required, eliminating the vulnerable code path.
Memory-protection mechanisms can detect or block the invalid array access that occurs when IAA_COMP_MODES_MAX is erroneously returned.