{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T16:48:34.764","vulnerabilities":[{"cve":{"id":"CVE-2025-71145","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-23T14:16:12.873","lastModified":"2026-02-26T20:25:27.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: phy: isp1301: fix non-OF device reference imbalance\n\nA recent change fixing a device reference leak in a UDC driver\nintroduced a potential use-after-free in the non-OF case as the\nisp1301_get_client() helper only increases the reference count for the\nreturned I2C device in the OF case.\n\nIncrement the reference count also for non-OF so that the caller can\ndecrement it unconditionally.\n\nNote that this is inherently racy just as using the returned I2C device\nis since nothing is preventing the PHY driver from being unbound while\nin use."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nusb: phy: isp1301: corregir desequilibrio de referencia de dispositivo no-OF\n\nUn cambio reciente que corregía una fuga de referencia de dispositivo en un controlador UDC introdujo un potencial uso después de liberación en el caso no-OF, ya que la función auxiliar isp1301_get_client() solo incrementa el contador de referencias para el dispositivo I2C devuelto en el caso OF.\n\nIncrementar el contador de referencias también para no-OF para que el llamador pueda decrementarlo incondicionalmente.\n\nTenga en cuenta que esto es inherentemente propenso a condiciones de carrera, al igual que lo es usar el dispositivo I2C devuelto, ya que nada impide que el controlador PHY sea desvinculado mientras está en uso."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.248","versionEndExcluding":"5.11","matchCriteriaId":"27953D46-F1BA-44DF-8344-E000813BC82B"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/03bbdaa4da8c6ea0c8431a5011db188a07822c8a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/43e58abad6c08c5f0943594126ef4cd6559aac0b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5d3df03f70547d4e3fc10ed4381c052eff51b157","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7501ecfe3e5202490c2d13dc7e181203601fcd69","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/75c5d9bce072abbbc09b701a49869ac23c34a906","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b4b64fda4d30a83a7f00e92a0c8a1d47699609f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}