CVE-2025-71197
Published: Feb 4, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not account for this extra byte. The original code then allocated 'size' bytes and used strcpy() to copy 'buf', which always writes one byte past the allocated buffer since strcpy() copies until the NUL terminator at index 'size'. Fix this by parsing the 'buf' parameter directly using simple_strtoll() without allocating any intermediate memory or string copying. This removes the overflow while simplifying the code.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected e2c94d6f572079511945e64537eb1218643f2e68 - < 49ff9b4b9deacbefa6654a0a2bcaf910c9de7e95affected e2c94d6f572079511945e64537eb1218643f2e68 - < 060b08d72a38b158a7f850d4b83c17c2969e0f6baffected e2c94d6f572079511945e64537eb1218643f2e68 - < b3fc3e1f04dcc7c41787bbf08a6e0d2728e022cfaffected e2c94d6f572079511945e64537eb1218643f2e68 - < 6a5820ecfa5a76c3d3e154802c8c15f391ef442eaffected e2c94d6f572079511945e64537eb1218643f2e68 - < 6fd6d2a8e41b7f544a4d26cbd60bedf9c67893a0+2 more versions |
Linux | Linux | affected 5.8unaffected 0 - < 5.8unaffected 5.10.249 - <= 5.10.*unaffected 5.15.199 - <= 5.15.*unaffected 6.1.162 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now