CVE-2025-71145
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-02-26
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.10.248 (inc) to 5.11 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free issue in the Linux kernel's isp1301 USB PHY driver. A recent fix for a device reference leak introduced a problem where the reference count for a non-OF (non-Open Firmware) I2C device was not incremented properly. This means that the device could be freed while still in use, leading to potential instability or crashes because the driver assumes the device is still valid when it might have been freed.
How can this vulnerability impact me?
This vulnerability can cause system instability or crashes due to use-after-free conditions in the USB PHY driver. If exploited or triggered, it could lead to kernel errors or denial of service by causing the system to access freed memory improperly.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by incrementing the reference count for the I2C device in the non-OF case in the Linux kernel's isp1301 PHY driver. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix. There are no specific immediate commands or workarounds provided.
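The reference imbalance described in the answers above, as a small user-space model added here (not the kernel driver's code). All names are hypothetical, and the model assumes the earlier leak fix made the caller drop its reference unconditionally after the lookup.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model; every name here is hypothetical. */
struct model_dev {
    int refcount;  /* references currently held */
    bool freed;    /* set once the last reference is dropped */
};

static void model_get(struct model_dev *d) { d->refcount++; }

static void model_put(struct model_dev *d)
{
    if (--d->refcount == 0)
        d->freed = true;  /* a kernel would release the object here */
}

/* Lookup helper: the OF path always returns a counted reference; the
 * non-OF path does so only when fixed is true. */
static struct model_dev *model_lookup(struct model_dev *d, bool of_path, bool fixed)
{
    if (of_path || fixed)
        model_get(d);
    return d;
}

/* Caller looks the device up and later drops its reference unconditionally
 * (assumed shape of the leak fix). Returns true if that put freed the
 * device while its owner still relied on it. */
static bool freed_while_owned(bool of_path, bool fixed)
{
    struct model_dev dev = { .refcount = 1, .freed = false };  /* owner's ref */
    struct model_dev *client = model_lookup(&dev, of_path, fixed);

    model_put(client);
    return dev.freed;
}

int main(void)
{
    printf("OF path:            freed=%d\n", freed_while_owned(true, false));
    printf("non-OF, before fix: freed=%d\n", freed_while_owned(false, false));
    printf("non-OF, after fix:  freed=%d\n", freed_while_owned(false, true));
    return 0;
}
```

Only the non-OF lookup without the extra get ends with the device freed while its owner still holds it, which is the condition the fix removes.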