{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-71145","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:30:19.661Z","datePublished":"2026-01-23T13:39:17.857Z","dateUpdated":"2026-05-11T21:55:50.971Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:55:50.971Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: phy: isp1301: fix non-OF device reference imbalance\n\nA recent change fixing a device reference leak in a UDC driver\nintroduced a potential use-after-free in the non-OF case as the\nisp1301_get_client() helper only increases the reference count for the\nreturned I2C device in the OF case.\n\nIncrement the reference count also for non-OF so that the caller can\ndecrement it unconditionally.\n\nNote that this is inherently racy just as using the returned I2C device\nis since nothing is preventing the PHY driver from being unbound while\nin use."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/phy/phy-isp1301.c"],"versions":[{"version":"0c2b0e747010fa645342138d71339a0ecb823bb0","lessThan":"43e58abad6c08c5f0943594126ef4cd6559aac0b","status":"affected","versionType":"git"},{"version":"33c2e2a87313bc1afe9f7febbbb2014c431a2c5d","lessThan":"03bbdaa4da8c6ea0c8431a5011db188a07822c8a","status":"affected","versionType":"git"},{"version":"8481323710062051b3c42bff94ee5b18a2b496ca","lessThan":"75c5d9bce072abbbc09b701a49869ac23c34a906","status":"affected","versionType":"git"},{"version":"8bd518ea03b81eb7b4a734b7b901866c448f6c07","lessThan":"5d3df03f70547d4e3fc10ed4381c052eff51b157","status":"affected","versionType":"git"},{"version":"cefaad839a384a72331aedad927b1944fb6943dc","lessThan":"7501ecfe3e5202490c2d13dc7e181203601fcd69","status":"affected","versionType":"git"},{"version":"c84117912bddd9e5d87e68daf182410c98181407","lessThan":"b4b64fda4d30a83a7f00e92a0c8a1d47699609f3","status":"affected","versionType":"git"},{"version":"21c7c83d592e6335bfb6d65608da3726f976bad4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/phy/phy-isp1301.c"]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.248"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/43e58abad6c08c5f0943594126ef4cd6559aac0b"},{"url":"https://git.kernel.org/stable/c/03bbdaa4da8c6ea0c8431a5011db188a07822c8a"},{"url":"https://git.kernel.org/stable/c/75c5d9bce072abbbc09b701a49869ac23c34a906"},{"url":"https://git.kernel.org/stable/c/5d3df03f70547d4e3fc10ed4381c052eff51b157"},{"url":"https://git.kernel.org/stable/c/7501ecfe3e5202490c2d13dc7e181203601fcd69"},{"url":"https://git.kernel.org/stable/c/b4b64fda4d30a83a7f00e92a0c8a1d47699609f3"}],"title":"usb: phy: isp1301: fix non-OF device reference imbalance","x_generator":{"engine":"bippy-1.2.0"}}}}