CVE-2025-71145

{"id": "CVE-2025-71145", "cveTags": [], "metrics": {}, "published": "2026-01-23T14:16:12.873", "references": [{"url": "https://git.kernel.org/stable/c/03bbdaa4da8c6ea0c8431a5011db188a07822c8a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/43e58abad6c08c5f0943594126ef4cd6559aac0b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5d3df03f70547d4e3fc10ed4381c052eff51b157", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7501ecfe3e5202490c2d13dc7e181203601fcd69", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/75c5d9bce072abbbc09b701a49869ac23c34a906", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b4b64fda4d30a83a7f00e92a0c8a1d47699609f3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: phy: isp1301: fix non-OF device reference imbalance\n\nA recent change fixing a device reference leak in a UDC driver\nintroduced a potential use-after-free in the non-OF case as the\nisp1301_get_client() helper only increases the reference count for the\nreturned I2C device in the OF case.\n\nIncrement the reference count also for non-OF so that the caller can\ndecrement it unconditionally.\n\nNote that this is inherently racy just as using the returned I2C device\nis since nothing is preventing the PHY driver from being unbound while\nin use."}], "lastModified": "2026-01-26T15:03:51.687", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}