Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not account for this extra byte. The original code then allocated 'size' bytes and used strcpy() to copy 'buf', which always writes one byte past the allocated buffer since strcpy() copies until the NUL terminator at index 'size'. Fix this by parsing the 'buf' parameter directly using simple_strtoll() without allocating any intermediate memory or string copying. This removes the overflow while simplifying the code.
References
- https://git.kernel.org/stable/c/060b08d72a38b158a7f850d4b83c17c2969e0f6b
- https://git.kernel.org/stable/c/49ff9b4b9deacbefa6654a0a2bcaf910c9de7e95
- https://git.kernel.org/stable/c/6a5820ecfa5a76c3d3e154802c8c15f391ef442e
- https://git.kernel.org/stable/c/6fd6d2a8e41b7f544a4d26cbd60bedf9c67893a0
- https://git.kernel.org/stable/c/761fcf46a1bd797bd32d23f3ea0141ffd437668a
- https://git.kernel.org/stable/c/b3fc3e1f04dcc7c41787bbf08a6e0d2728e022cf
- https://git.kernel.org/stable/c/e6b2609af21b5cccc9559339591b8a2cbf884169
FAQ
What is CVE-2025-71197?
CVE-2025-71197 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1' b...
How severe is CVE-2025-71197?
CVSS scoring is not yet available for CVE-2025-71197. Check NVD for updates.
Is there a patch for CVE-2025-71197?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.