CVE-2025-71145
HIGH 7.8
Description
In the Linux kernel, the following vulnerability has been resolved:

usb: phy: isp1301: fix non-OF device reference imbalance

A recent change fixing a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case as the isp1301_get_client() helper only increases the reference count for the returned I2C device in the OF case.

Increment the reference count also for non-OF so that the caller can decrement it unconditionally.

Note that this is inherently racy just as using the returned I2C device is since nothing is preventing the PHY driver from being unbound while in use.
CVE details
CVSS v3.1 score: 7.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 1/23/2026
Last modified: 2/26/2026
Source: nvd
Honeypot sightings: 0
Affected products
linux:linux_kernel
References
https://git.kernel.org/stable/c/03bbdaa4da8c6ea0c8431a5011db188a07822c8a (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/43e58abad6c08c5f0943594126ef4cd6559aac0b (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/5d3df03f70547d4e3fc10ed4381c052eff51b157 (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/7501ecfe3e5202490c2d13dc7e181203601fcd69 (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/75c5d9bce072abbbc09b701a49869ac23c34a906 (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
https://git.kernel.org/stable/c/b4b64fda4d30a83a7f00e92a0c8a1d47699609f3 (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.