Vulnerability Lookup

🛡️ CVE-2025-71101

🟠 CVSS 7.1 — High ✅ No Known Exploit NVD

7.1

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. These functions parse ACPI packages into internal data structures using a for loop with index variable 'elem' that iterates through enum_obj/integer_obj/order_obj/password_obj/string_obj arrays. When processing multi-element fields like PREREQUISITES and ENUM_POSSIBLE_VALUES, these functions read multiple consecutive array elements using expressions like 'enum_obj[elem + reqs]' and 'enum_obj[elem + pos_values]' within nested loops. The bug is that the bounds check only validated elem, but did not consider the additional offset when accessing elem + reqs or elem + pos_values. The fix changes the bounds check to validate the actual accessed index.

Details

Severity High

CVSS Score 7.1

CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE N/A

Public Exploit ✅ No

Source NVD

Published 2026-01-13

Updated 2026-06-02

Modified 2026-04-16

Fix URL https://git.kernel.org/stable/c/79cab730dbaaac03b946c7f5681bd08c986e2abd

Affected Packages

Software	From version	Fixed in
kernel	6.13.0	6.18.4
linux-kernel	—	—

References

WEB https://git.kernel.org/stable/c/79cab730dbaaac03b946c7f5681bd08c986e2abd

WEB https://git.kernel.org/stable/c/cf7ae870560b988247a4bbbe5399edd326632680

WEB https://git.kernel.org/stable/c/db4c26adf7117b1a4431d1197ae7109fee3230ad

WEB https://git.kernel.org/stable/c/e44c42c830b7ab36e3a3a86321c619f24def5206

ADVISORY https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71101.json

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-71101

PACKAGE https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

🔗 NVD 🔗 Mitre ✅ Fix / Advisory

Similar Threats

Unknown ALSA-2023:2458
Unknown ALSA-2023:1703
Unknown ALSA-2023:1566
Unknown ALSA-2023:1470
Unknown ALSA-2023:0951

Vulnerability Monitoring

Stay informed about vulnerabilities in your stack

BotEraser monitors your WordPress installation and notifies you when software you use appears in our vulnerability database.

Set Up Free Alerts →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Stay informed about vulnerabilities in your stack

Company

Resources

Services

Trusted

Subscribe