CVE-2025-71231

Published: Feb 18, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can be found, the function would return the out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid array access in add_iaa_compression_mode(). Fix both issues by returning either a valid index or -EINVAL.

Vendor	Product	Versions
Linux	Linux	affected `b190447e0fa3ef7355480d641d078962e03768b4 - < c77b33b58512708bd5603f48465f018c8b748847` affected `b190447e0fa3ef7355480d641d078962e03768b4 - < d75207465eed20bc9b0daa4a0927de9568996067` affected `b190447e0fa3ef7355480d641d078962e03768b4 - < de16f5bca05cace238d237791ed1b6e9d22dab60` affected `b190447e0fa3ef7355480d641d078962e03768b4 - < 48329301969f6d21b2ef35f678e40f72b59eac94`
Linux	Linux	affected `6.8` unaffected `0 - < 6.8` unaffected `6.12.72 - <= 6.12.` unaffected `6.18.11 - <= 6.18.` unaffected `6.19.1 - <= 6.19.*` +1 more versions

References

https://git.kernel.org/stable/c/c77b33b58512708bd5603f48465f018c8b748847

https://git.kernel.org/stable/c/d75207465eed20bc9b0daa4a0927de9568996067

https://git.kernel.org/stable/c/de16f5bca05cace238d237791ed1b6e9d22dab60

https://git.kernel.org/stable/c/48329301969f6d21b2ef35f678e40f72b59eac94

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-71231

Description

Affected Products

References