VYPR
Unrated severity · NVD Advisory · Published Feb 4, 2026 · Updated Apr 15, 2026

CVE-2025-71197

Description

In the Linux kernel, the following vulnerability has been resolved:

w1: therm: Fix off-by-one buffer overflow in alarms_store

The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not account for this extra byte. The original code then allocated 'size' bytes and used strcpy() to copy 'buf', which always writes one byte past the allocated buffer since strcpy() copies until the NUL terminator at index 'size'.

Fix this by parsing the 'buf' parameter directly using simple_strtoll() without allocating any intermediate memory or string copying. This removes the overflow while simplifying the code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An off-by-one buffer overflow in the Linux kernel's w1 therm alarms_store sysfs handler allows local attackers to corrupt memory.

Vulnerability

In the alarms_store() function of the Linux kernel's w1 therm driver, a buffer overflow occurs due to an off-by-one error. The sysfs buffer is allocated with size + 1 bytes and a NUL terminator is appended [1]. However, the size argument does not account for this extra byte, so the original code allocated only size bytes and used strcpy() to copy the buffer, which always writes one byte past the allocated buffer because strcpy() copies until the NUL terminator at index size [1].
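A userspace model of the pre-fix copy and the post-fix in-place parse, added here as an illustration; it is not the kernel's code. The helper names, the canary arena and the sample input (which has no embedded NUL) are assumptions, and strtoll() stands in for simple_strtoll().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CANARY 0x5A

/* sysfs contract per the description: 'size' payload bytes arrive in a
 * buffer of size + 1 bytes with a NUL at buf[size]. */
static char *make_sysfs_buf(const char *payload, size_t size)
{
    char *buf = malloc(size + 1);
    if (!buf)
        return NULL;
    memcpy(buf, payload, size);
    buf[size] = '\0';
    return buf;
}

/* Pre-fix pattern: strcpy() into a destination of 'size' bytes, modelled
 * as the first 'size' bytes of a size + 1 arena so the extra byte lands
 * on a canary. Returns 1 if the byte past the destination was overwritten. */
static int copy_clobbers_next_byte(const char *buf, size_t size)
{
    unsigned char *arena = malloc(size + 1);
    if (!arena)
        return -1;
    arena[size] = CANARY;        /* first byte beyond the destination */
    strcpy((char *)arena, buf);  /* size payload bytes plus the NUL */
    int hit = (arena[size] != CANARY);
    free(arena);
    return hit;
}

/* Post-fix pattern: parse 'buf' in place with no intermediate copy.
 * strtoll() stands in for the kernel's simple_strtoll(). */
static long long parse_in_place(const char *buf)
{
    return strtoll(buf, NULL, 10);
}

int main(void)
{
    char *buf = make_sysfs_buf("25\n", 3);  /* constructed sample write */
    if (!buf)
        return 1;
    printf("clobbered=%d value=%lld\n",
           copy_clobbers_next_byte(buf, 3), parse_in_place(buf));
    free(buf);
    return 0;
}
```

The canary is overwritten for every payload length, because the terminator at index size is always copied along with the size payload bytes.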

Exploitation

This vulnerability is exploitable via the sysfs interface, typically by local users with write permission on the alarms attribute file. An attacker could craft a malicious input that triggers the overflow, potentially leading to memory corruption [1].

Impact

A successful exploit could allow a local attacker to corrupt kernel memory, potentially leading to a denial of service (system crash) or, in some cases, privilege escalation [1].

Mitigation

The fix has been applied to the Linux kernel stable tree [1]. Users should update to a patched kernel version. No workaround is available other than applying the patch.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
