PatchSiren cyber security CVE debrief
CVE-2025-71197 Linux CVE debrief
A buffer overflow vulnerability was found in the Linux kernel's w1: therm: alarms_store function. The issue arises from an off-by-one error when allocating memory for the sysfs buffer, leading to a potential buffer overflow when copying data using strcpy(). This vulnerability affects Linux kernel users and distributors, particularly those using the w1: therm module. The vulnerability has a high defensive priority, and users should apply patches or updates to mitigate the issue. The CVE record was published on 2026-02-04T17:16:11.633Z, and the NVD entry is currently Deferred.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-04
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-02-04
- Advisory updated
- 2026-07-14
Who should care
Linux kernel users and distributors, particularly those using the w1: therm module, should be aware of this vulnerability and take steps to mitigate it. This includes reviewing and updating Linux kernel configurations to disable or restrict access to the w1: therm module if not needed, monitoring system logs for potential exploitation attempts, and applying patches or updates to a fixed version of the Linux kernel.
Technical summary
The vulnerability is caused by an off-by-one error in the allocation of the sysfs buffer in the alarms_store function. The buffer is allocated with 'size + 1' bytes, but the 'size' argument does not account for the extra byte. When strcpy() is used to copy 'buf' into the allocated buffer, it writes one byte past the allocated buffer, resulting in a buffer overflow. The fix involves parsing the 'buf' parameter directly using simple_strtoll() without allocating intermediate memory or using string copying.
Defensive priority
High
Recommended defensive actions
- Apply the official patch or update to a fixed version of the Linux kernel
- Review and update Linux kernel configurations to disable or restrict access to the w1: therm module if not needed
- Monitor system logs for potential exploitation attempts
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-02-04T17:16:11.633Z and last modified on 2026-07-14T13:18:05.637Z. The NVD entry is currently Deferred. Linux kernel users should verify their systems for the w1: therm module and assess potential exposure. Evidence is limited, and defenders should focus on applying patches or mitigations. Additional verification tasks include reviewing system logs for potential exploitation attempts and ensuring that Linux kernel configurations are updated to disable or restrict access to the w1: therm module if not needed.
Official resources
-
CVE-2025-71197 CVE record
CVE.org
-
CVE-2025-71197 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-04T17:16:11.633Z and has not been modified since then. The NVD entry is currently Deferred.