CVE-2025-71197 Affecting kernel-uek-debug-core package, versions <0:5.15.0-318.199.3.2.el9uek
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-ORACLE9-KERNELUEKDEBUGCORE-15567006
- published15 Mar 2026
- disclosed4 Feb 2026
Introduced: 4 Feb 2026
CVE-2025-71197 (opens in a new tab)How to fix?
Upgrade Oracle:9 kernel-uek-debug-core to version 0:5.15.0-318.199.3.2.el9uek or higher.
This issue was patched in ELSA-2026-50145.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-uek-debug-core package and not the kernel-uek-debug-core package as distributed by Oracle.
See How to fix? for Oracle:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
w1: therm: Fix off-by-one buffer overflow in alarms_store
The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not account for this extra byte. The original code then allocated 'size' bytes and used strcpy() to copy 'buf', which always writes one byte past the allocated buffer since strcpy() copies until the NUL terminator at index 'size'.
Fix this by parsing the 'buf' parameter directly using simple_strtoll() without allocating any intermediate memory or string copying. This removes the overflow while simplifying the code.
References
- https://linux.oracle.com/cve/CVE-2025-71197.html
- https://linux.oracle.com/errata/ELSA-2026-50145.html
- https://git.kernel.org/stable/c/6a5820ecfa5a76c3d3e154802c8c15f391ef442e
- https://git.kernel.org/stable/c/6fd6d2a8e41b7f544a4d26cbd60bedf9c67893a0
- https://git.kernel.org/stable/c/761fcf46a1bd797bd32d23f3ea0141ffd437668a
- https://git.kernel.org/stable/c/e6b2609af21b5cccc9559339591b8a2cbf884169
- https://git.kernel.org/stable/c/060b08d72a38b158a7f850d4b83c17c2969e0f6b
- https://git.kernel.org/stable/c/49ff9b4b9deacbefa6654a0a2bcaf910c9de7e95
- https://git.kernel.org/stable/c/b3fc3e1f04dcc7c41787bbf08a6e0d2728e022cf