Cyber Resilience

CVE-2025-71145

High

Published: 23 January 2026

Published
23 January 2026
Modified
26 February 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-71145 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2025-71145 is a use-after-free vulnerability in the Linux kernel's USB PHY isp1301 driver. A recent patch addressing a device reference leak in a USB Device Controller (UDC) driver inadvertently introduced the issue in the non-Device Tree (non-OF) case. Specifically, the isp1301_get_client() helper function increments the reference count for the returned I2C device only when using OpenFirmware (OF) bindings, leaving non-OF scenarios with an imbalance that can lead to use-after-free when the caller unconditionally decrements the reference. The vulnerability is scored at CVSS 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and mapped to NVD-CWE-Other.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Exploitation involves triggering the racy condition where the PHY driver is unbound while the I2C device is in use, potentially allowing arbitrary code execution, data corruption, or denial of service through the use-after-free, with high impacts on confidentiality, integrity, and availability.

Mitigation requires applying the relevant stable kernel patches, as detailed in the upstream commits: 03bbdaa4da8c6ea0c8431a5011db188a07822c8a, 43e58abad6c08c5f0943594126ef4cd6559aac0b, 5d3df03f70547d4e3fc10ed4381c052eff51b157, 7501ecfe3e5202490c2d13dc7e181203601fcd69, and 75c5d9bce072abbbc09b701a49869ac23c34a906. These fixes ensure the reference count is incremented for non-OF cases as well, allowing unconditional decrement by callers while noting the inherent race condition in I2C device usage.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case as the…

more

isp1301_get_client() helper only increases the reference count for the returned I2C device in the OF case. Increment the reference count also for non-OF so that the caller can decrement it unconditionally. Note that this is inherently racy just as using the returned I2C device is since nothing is preventing the PHY driver from being unbound while in use.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel use-after-free enables privilege escalation via arbitrary code execution in isp1301 USB PHY driver.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152Same product: Linux Linux Kernel
CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-23387Same product: Linux Linux Kernel
CVE-2025-21856Same product: Linux Linux Kernel
CVE-2025-21727Same product: Linux Linux Kernel
CVE-2026-23275Same product: Linux Linux Kernel
CVE-2026-31401Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-23437Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.10.248 — 5.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the use-after-free vulnerability by requiring timely application of Linux kernel patches that fix the I2C device reference count increment in non-OF cases for the isp1301 driver.

prevent

Implements kernel memory protection mechanisms such as randomization and guard pages that hinder exploitation of the use-after-free in the USB PHY driver.

prevent

Reduces exposure by configuring the system to disable or restrict unnecessary USB PHY drivers like isp1301 when not required for operations.

References