How to fix CVE-2025-71143?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Is Linux Kernel affected by CVE-2025-71143?

CVE-2025-71143 presents notable security risk rated CVSS 7.8. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and consider compensating controls in the interim.

CVE-2025-71143

HIGH

2026-01-14 416baaa9-dc9f-4396-8d5f-8c081fb06d67

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Apr 09, 2026 - 08:30 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 14, 2026 - 15:16 nvd

HIGH 7.8

Description

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS) about the number of elements in .hws[], so that it can warn when .hws[] is accessed out of bounds. As noted in that change, the __counted_by member must be initialized with the number of elements before the first array access happens, otherwise there will be a warning from each access prior to the initialization because the number of elements is zero. This occurs in exynos_clkout_probe() due to .num being assigned after .hws[] has been accessed: UBSAN: array-index-out-of-bounds in drivers/clk/samsung/clk-exynos-clkout.c:178:18 index 0 is out of range for type 'clk_hw *[*]' Move the .num initialization to before the first access of .hws[], clearing up the warning.

Analysis

In the Linux kernel, the following vulnerability has been resolved:

clk: samsung: exynos-clkout: Assign .num before accessing .hws

Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS) about the number of elements in .hws[], so that it can warn when .hws[] is accessed out of bounds.

Technical Context

In the Linux kernel, the following vulnerability has been resolved:

clk: samsung: exynos-clkout: Assign .num before accessing .hws

Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with

__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'

with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS)

about the number of elements in .hws[], so that it can warn when .hws[]

is accessed out of bounds. As noted in that change, the __counted_by

member must be in

Affected Products

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: 0

Vendor Status

CVE-2025-71143 vulnerability details – vuln.today

Back

CVE-2025-71143

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-71143

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code