CVE-2025-71145Linux vulnerability

6 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 99.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJan 23

Description

In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case as the isp1301_get_client() helper only increases the reference count for the returned I2C device in the OF case. Increment the reference count also for non-OF so that the caller can decrement it unconditionally. Note that this is inherently racy just

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel5.10.2485.11
CVEListV5linux/linux0c2b0e747010fa645342138d71339a0ecb823bb043e58abad6c08c5f0943594126ef4cd6559aac0b+6
debiandebian/linux

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2025-71145: In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a2026-01-23
GHSA
GHSA-8hw4-vmgm-gx5f: In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing2026-01-23

📋Vendor Advisories

2
Red Hat
kernel: usb: phy: isp1301: fix non-OF device reference imbalance2026-01-23
Debian
CVE-2025-71145: linux - In the Linux kernel, the following vulnerability has been resolved: usb: phy: i...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-71145 Impact, Exploitability, and Mitigation Steps | Wiz