In the Linux kernel, the following vulnerability has been resolved:
ima: Fix stack-out-of-bounds in isbprmcredsforexec()
KASAN reported a stack-out-of-bounds access in imaappraisemeasurement from isbprmcredsforexec:
BUG: KASAN: stack-out-of-bounds in imaappraisemeasurement+0x12dc/0x16a0 Read of size 1 at addr ffffc9000160f940 by task sudo/550 The buggy address belongs to stack of task sudo/550 and is located at offset 24 in frame: imaappraisemeasurement+0x0/0x16a0 This frame has 2 objects: [48, 56) 'file' [80, 148) 'hash'
This is caused by using container_of on the *file pointer. This offset calculation is what triggers the stack-out-of-bounds error.
In order to fix this, pass in a bprmischeck boolean which can be set depending on how processmeasurement is called. If the caller has a linuxbinprm pointer and the function is BPRMCHECK we can determine ischeck and set it then. Otherwise set it to false.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71306.json",
"cna_assigner": "Linux"
}