CVE-2025-71157
Published: 23 January 2026
Summary
CVE-2025-71157 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2025-71157 is a vulnerability in the Linux kernel's RDMA core subsystem, specifically within the ib_del_sub_device_and_put() function. The issue arises because nldev_deldev(), introduced by commit 060c642b2ab8 ("RDMA/nldev: Add support to add/delete a sub IB device through netlink"), acquires a reference to an IB device using ib_device_get_by_index() before calling ib_del_sub_device_and_put(). In error paths returning -EOPNOTSUPP, this reference is not properly dropped, leading to a reference count leak. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability. The CVSS vector indicates low attack complexity and no user interaction required, allowing the attacker to achieve high impacts on confidentiality, integrity, and availability.
Mitigation involves applying the relevant kernel patches available in the stable repository. Key fixes include commits at https://git.kernel.org/stable/c/20436f2742a92b7afeb2504eb559a98d2196b001, https://git.kernel.org/stable/c/fa3c411d21ebc26ffd175c7256c37cefa35020aa, and https://git.kernel.org/stable/c/fe8d456080423b9ed410469fbd1e2098d3acce2b, which ensure the device reference count is always dropped in ib_del_sub_device_and_put().
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4388
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() Since nldev_deldev() (introduced by commit 060c642b2ab8 ("RDMA/nldev: Add support to add/delete a sub IB device through netlink") grabs a reference using ib_device_get_by_index() before…
more
calling ib_del_sub_device_and_put(), we need to drop that reference before returning -EOPNOTSUPP error.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel reference leak in RDMA subsystem directly enables privilege escalation from low-privileged user to full system compromise (C/I/A impact).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires identifying, prioritizing, and applying kernel patches to remediate the reference count leak in the RDMA ib_del_sub_device_and_put() function.
Provides vulnerability scanning to identify systems running kernel versions affected by CVE-2025-71157's RDMA reference leak.
Mandates monitoring security advisories and directives for kernel flaws like the RDMA sub-device reference count leak to enable timely patching.