PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-71197 Linux CVE debrief

A buffer overflow vulnerability was found in the Linux kernel's w1: therm: alarms_store function. The issue arises from an off-by-one error when allocating memory for the sysfs buffer, leading to a potential buffer overflow when copying data using strcpy(). This vulnerability affects Linux kernel users and distributors, particularly those using the w1: therm module. The vulnerability has a high defensive priority, and users should apply patches or updates to mitigate the issue. The CVE record was published on 2026-02-04T17:16:11.633Z, and the NVD entry is currently Deferred.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-04
Original CVE updated
2026-07-14
Advisory published
2026-02-04
Advisory updated
2026-07-14

Who should care

Linux kernel users and distributors, particularly those using the w1: therm module, should be aware of this vulnerability and take steps to mitigate it. This includes reviewing and updating Linux kernel configurations to disable or restrict access to the w1: therm module if not needed, monitoring system logs for potential exploitation attempts, and applying patches or updates to a fixed version of the Linux kernel.

Technical summary

The vulnerability is caused by an off-by-one error in the allocation of the sysfs buffer in the alarms_store function. The buffer is allocated with 'size + 1' bytes, but the 'size' argument does not account for the extra byte. When strcpy() is used to copy 'buf' into the allocated buffer, it writes one byte past the allocated buffer, resulting in a buffer overflow. The fix involves parsing the 'buf' parameter directly using simple_strtoll() without allocating intermediate memory or using string copying.

Defensive priority

High

Recommended defensive actions

  • Apply the official patch or update to a fixed version of the Linux kernel
  • Review and update Linux kernel configurations to disable or restrict access to the w1: therm module if not needed
  • Monitor system logs for potential exploitation attempts
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-02-04T17:16:11.633Z and last modified on 2026-07-14T13:18:05.637Z. The NVD entry is currently Deferred. Linux kernel users should verify their systems for the w1: therm module and assess potential exposure. Evidence is limited, and defenders should focus on applying patches or mitigations. Additional verification tasks include reviewing system logs for potential exploitation attempts and ensuring that Linux kernel configurations are updated to disable or restrict access to the w1: therm module if not needed.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-04T17:16:11.633Z and has not been modified since then. The NVD entry is currently Deferred.