What is CVE-2025-71306?

CVE-2025-71306 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.14 onward and patched in 6.19.4 and 7.0. CVE-2025-71306 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-71306?

CVE-2025-71306 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-71306?

Yes, CVE-2025-71306 has been patched. Fixed versions include 6.19.4 and 7.0. If you are running Linux kernel 6.14 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-71306 actively exploited?

CVE-2025-71306 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-71306

In the Linux kernel, the following vulnerability has been resolved: ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec() KASAN reported a stack-out-of-bounds access in ima_appraise_measurement from is_bprm_creds_for_exec: BUG: KASAN: stack-out-of-bounds in ima_appraise_measurement+0x12dc/0x16a0 Read of size 1 at addr ffffc9000160f940 by task sudo/550 The buggy address belongs to stack of task sudo/550 and is located at offset 24 in frame: ima_appraise_measurement+0x0/0x16a0 This frame has 2 objects: [48, 56) 'file' [80, 148) 'hash' This is caused by using container_of on the *file pointer. This offset calculation is what triggers the stack-out-of-bounds error. In order to fix this, pass in a bprm_is_check boolean which can be set depending on how process_measurement is called. If the caller has a linux_binprm pointer and the function is BPRM_CHECK we can determine is_check and set it then. Otherwise set it to false.

Package Linux Kernel

Published 2026-05-27

Last modified 2026-05-27

Patch available

Yes

Affected versions

Linux kernel versions 6.14 and later are affected. Fixed in 6.19.4, 7.0 and their respective stable series.

Affected from

≥ 6.14

Fixed in

✓ 6.19.4 6.19.x ✓ 7.0

References

The following references provide additional information about CVE-2025-71306 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/377cae9851e8559e9d8b82a78c1ac0abeb18839c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/ab3d16da982a4ebb715d487dbf9dd66e3990d935
Patch

Frequently asked questions

What is CVE-2025-71306?

CVE-2025-71306 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.14 onward and has been patched in 6.19.4 and 7.0. CVE-2025-71306 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-71306?

Yes — CVE-2025-71306 has been patched. Fixed versions include 6.19.4 and 7.0. If you are running Linux kernel 6.14 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-71306 actively exploited?

No — CVE-2025-71306 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.