CVE-2025-71152Improper Update of Reference Count in Linux

CWE-911Improper Update of Reference Count6 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJan 23

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense. There are two distinct problems. 1. The OF path, which uses of_find_net_device_by_node(), never releases the elevated refcount on the conduit's kobject. Nominally, the OF and non-OF paths should result in objects havin

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel4.86.18.4+1
Debianlinux/linux_kernel< 6.18.5-1
CVEListV5linux/linux83c0afaec7b730b16c518aecc8e6246ec91b265eec2b34acb1894cfc10ed22d8277ca4f11e9f4b23+4
debiandebian/linux< linux 6.18.5-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2025-71152: In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description -----------2026-01-23
GHSA
GHSA-cc5p-pmc6-4cgc: In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description DSA has2026-01-23

📋Vendor Advisories

2
Red Hat
kernel: net: dsa: properly keep track of conduit reference2026-01-23
Debian
CVE-2025-71152: linux - In the Linux kernel, the following vulnerability has been resolved: net: dsa: p...2025

🕵️Threat Intelligence

1
Wiz
CVE-2025-71152 Impact, Exploitability, and Mitigation Steps | Wiz