CVE-2025-71306 in Linux情報

要約

〜によって MITRE • 2026年05月27日

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec()

KASAN reported a stack-out-of-bounds access in ima_appraise_measurement from is_bprm_creds_for_exec:

BUG: KASAN: stack-out-of-bounds in ima_appraise_measurement+0x12dc/0x16a0 Read of size 1 at addr ffffc9000160f940 by task sudo/550 The buggy address belongs to stack of task sudo/550 and is located at offset 24 in frame: ima_appraise_measurement+0x0/0x16a0 This frame has 2 objects: [48, 56) 'file'
[80, 148) 'hash'

This is caused by using container_of on the *file pointer. This offset calculation is what triggers the stack-out-of-bounds error.

In order to fix this, pass in a bprm_is_check boolean which can be set depending on how process_measurement is called. If the caller has a linux_binprm pointer and the function is BPRM_CHECK we can determine is_check and set it then. Otherwise set it to false.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

Linux

予約する

2026年05月08日

公開

2026年05月27日

モデレーション

承諾済み

エントリ

VDB-366101

CPE

準備完了

CWE

CWE-125 (確認済み)

CVSS

3.5 (VulDB)

EPSS

0.00024

KEV

いいえ

アクティビティ

低い

セクター

Hostingprovider, Insurance, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-71306
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-71306
CVE Details	https://www.cvedetails.com/cve/CVE-2025-71306/

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!