CVE-2025-71108 — Improper Validation of Specified Type of Input in Linux
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.0%
top 93.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 14
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Handle incorrect num_connectors capability
The UCSI spec states that the num_connectors field is 7 bits, and the
8th bit is reserved and should be set to zero.
Some buggy FW has been known to set this bit, and it can lead to a
system not booting.
Flag that the FW is not behaving correctly, and auto-fix the value
so that the system boots correctly.
Found on Lenovo P1 G8 during Linux enablement program. The FW…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages17 packages
▶CVEListV5linux/linuxc1b0bc2dabfa884dea49c02adaf3cd6b52b33d2f — 07c8d2a109d847775b3b4e2c3294c8e1eea75432+7
Patches
🔴Vulnerability Details
10OSV▶
linux-aws-5.15, linux-gcp-5.15, linux-gke, linux-hwe-5.15, linux-intel-iotg-5.15, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities↗2026-03-17