Cyber Resilience

CVE-2025-71157

High

Published: 23 January 2026

Modified: 26 February 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-71157 is a high-severity vulnerability in the Linux kernel; the record does not specify a weakness type. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 6.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2025-71157 is a vulnerability in the Linux kernel's RDMA core subsystem, specifically within the ib_del_sub_device_and_put() function. The issue arises because nldev_deldev(), introduced by commit 060c642b2ab8 ("RDMA/nldev: Add support to add/delete a sub IB device through netlink"), acquires a reference to an IB device using ib_device_get_by_index() before calling ib_del_sub_device_and_put(). In error paths returning -EOPNOTSUPP, this reference is not properly dropped, leading to a reference count leak. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability. The CVSS vector indicates low attack complexity and no user interaction required, allowing the attacker to achieve high impacts on confidentiality, integrity, and availability.

Mitigation involves applying the relevant kernel patches available in the stable repository. Key fixes include commits at https://git.kernel.org/stable/c/20436f2742a92b7afeb2504eb559a98d2196b001, https://git.kernel.org/stable/c/fa3c411d21ebc26ffd175c7256c37cefa35020aa, and https://git.kernel.org/stable/c/fe8d456080423b9ed410469fbd1e2098d3acce2b, which ensure the device reference count is always dropped in ib_del_sub_device_and_put().
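The reference handling described above can be seen in a small userspace model. This is an added example, not the kernel's code or the upstream patch: the struct, the function names and the `is_sub_device` condition that triggers -EOPNOTSUPP are hypothetical stand-ins for the get/put pairing between the netlink handler and ib_del_sub_device_and_put().

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model only: all names here are hypothetical, not kernel symbols. */
struct model_dev {
    int refcount;       /* models the IB device reference count */
    int is_sub_device;  /* assumed condition: 0 means "delete not supported" */
};

static struct model_dev *model_get(struct model_dev *d) { d->refcount++; return d; }
static void model_put(struct model_dev *d) { d->refcount--; }

/* "Before" shape: the callee owns the caller's reference but skips the put on the error path. */
static int del_sub_and_put_leaky(struct model_dev *d)
{
    if (!d->is_sub_device)
        return -EOPNOTSUPP;   /* reference taken by the caller is never dropped */
    model_put(d);
    return 0;
}

/* "After" shape: the reference is dropped on every return path. */
static int del_sub_and_put_fixed(struct model_dev *d)
{
    int ret = d->is_sub_device ? 0 : -EOPNOTSUPP;
    model_put(d);
    return ret;
}

/* Models the handler: take a reference, hand it to the callee; returns references left behind. */
static int leaked_after(int (*del)(struct model_dev *), int is_sub, int requests)
{
    struct model_dev d = { .refcount = 1, .is_sub_device = is_sub };
    for (int i = 0; i < requests; i++)
        del(model_get(&d));
    return d.refcount - 1;
}

int main(void)
{
    printf("leaky callee: %d references leaked\n", leaked_after(del_sub_and_put_leaky, 0, 5));
    printf("fixed callee: %d references leaked\n", leaked_after(del_sub_and_put_fixed, 0, 5));
    return 0;
}
```

When reviewing a backport, the same check applies to the real function: every return statement in a callee whose name ends in `_and_put` must be preceded by the put.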

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: always drop device refcount in ib_del_sub_device_and_put()

Since nldev_deldev() (introduced by commit 060c642b2ab8 ("RDMA/nldev: Add support to add/delete a sub IB device through netlink")) grabs a reference using ib_device_get_by_index() before calling ib_del_sub_device_and_put(), we need to drop that reference before returning -EOPNOTSUPP error.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel reference leak in RDMA subsystem directly enables privilege escalation from low-privileged user to full system compromise (C/I/A impact).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152 - Same product: Linux Linux Kernel
CVE-2026-23111 - Same product: Linux Linux Kernel
CVE-2026-31530 - Same product: Linux Linux Kernel
CVE-2026-23387 - Same product: Linux Linux Kernel
CVE-2025-21856 - Same product: Linux Linux Kernel
CVE-2025-21727 - Same product: Linux Linux Kernel
CVE-2026-23275 - Same product: Linux Linux Kernel
CVE-2026-31401 - Same product: Linux Linux Kernel
CVE-2024-57980 - Same product: Linux Linux Kernel
CVE-2026-23437 - Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.19 · 6.11 — 6.12.64 · 6.13 — 6.18.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identifying, prioritizing, and applying kernel patches to remediate the reference count leak in the RDMA ib_del_sub_device_and_put() function.

detect

Provides vulnerability scanning to identify systems running kernel versions affected by CVE-2025-71157's RDMA reference leak.

detect

Mandates monitoring security advisories and directives for kernel flaws like the RDMA sub-device reference count leak to enable timely patching.
