CVE-2025-71101

Description

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing

The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities.

These functions parse ACPI packages into internal data structures using a for loop with index variable elem that iterates through enum_obj/integer_obj/order_obj/password_obj/string_obj arrays.

When processing multi-element fields like PREREQUISITES and ENUM_POSSIBLE_VALUES, these functions read multiple consecutive array elements using expressions like enum_obj[elem + reqs] and enum_obj[elem + pos_values] within nested loops.

The bug is that the bounds check only validated elem, but did not consider the additional offset when accessing elem + reqs or elem + pos_values.

The fix changes the bounds check to validate the actual accessed index.
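A simplified model of the bounds-check flaw described above, as an added example (not the hp-bioscfg driver's code). The struct, function names and sample package are constructed for illustration, and the demo keeps spare backing storage so reads past the package end can be counted without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

#define BACKING 8 /* spare storage so the demo never leaves real memory */

/* Constructed stand-in for a parsed ACPI package (hypothetical type). */
struct pkg {
    int obj[BACKING]; /* only obj[0..count-1] belong to the package */
    size_t count;
};

enum check_mode { CHECK_ELEM_ONLY, CHECK_ACCESSED_INDEX };

/* Read a multi-element field of `size` values starting at index `elem`.
 * Returns how many reads landed outside the package; *nread gets the total. */
size_t read_field(const struct pkg *p, size_t elem, size_t size,
                  enum check_mode mode, size_t *nread)
{
    size_t oob = 0;
    *nread = 0;
    for (size_t reqs = 0; reqs < size && elem + reqs < BACKING; reqs++) {
        /* Pre-fix pattern validates elem; fixed pattern validates elem + reqs. */
        size_t checked = (mode == CHECK_ACCESSED_INDEX) ? elem + reqs : elem;
        if (checked >= p->count)
            break; /* package too small: stop instead of reading */
        if (elem + reqs >= p->count)
            oob++; /* in a real parser this would be an out-of-bounds read */
        (void)p->obj[elem + reqs];
        (*nread)++;
    }
    return oob;
}

/* Constructed input: 5-element package whose field at index 3 claims 4 values. */
static const struct pkg sample = { {10, 11, 12, 13, 14, 0, 0, 0}, 5 };

size_t demo_oob(enum check_mode mode)
{
    size_t nread;
    return read_field(&sample, 3, 4, mode, &nread);
}

int main(void)
{
    printf("elem-only check:      %zu out-of-bounds reads\n", demo_oob(CHECK_ELEM_ONLY));
    printf("accessed-index check: %zu out-of-bounds reads\n", demo_oob(CHECK_ACCESSED_INDEX));
    return 0;
}
```

With the elem-only check the loop passes validation on every iteration because elem itself never changes, so the declared field size alone decides how far past the package the reads go.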

Risk Information

Base Score: 7.1 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score (Exploitation Probability): 0.03

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234