CVE-2025-71145

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's USB PHY driver (isp1301) allows potential kernel memory corruption when handling non-OF (Open Firmware) I2C device references. This affects Linux systems using the isp1301 USB PHY driver, primarily embedded devices and servers with specific USB hardware configurations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing the vulnerable commit up to versions with the fix (specific commit range: 03bbdaa4da8c6ea0c8431a5011db188a07822c8a to 75c5d9bce072abbbc09b701a49869ac23c34a906)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using the isp1301 USB PHY driver with non-OF I2C devices. Most desktop systems use different USB PHY implementations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic, system crash, or potential privilege escalation leading to full system compromise if an attacker can trigger the use-after-free condition.

🟠 Likely Case

System instability, kernel crashes, or denial of service when USB devices are connected/disconnected under specific timing conditions.

🟢 If Mitigated

Minimal impact with proper kernel hardening, as exploitation requires specific hardware and timing conditions.

🌐 Internet-Facing: LOW - This vulnerability requires local access or USB device interaction, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires physical USB access or local user privileges, but could lead to system compromise in multi-user environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific hardware (isp1301 PHY), precise timing to trigger race condition, and kernel memory manipulation knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit 75c5d9bce072abbbc09b701a49869ac23c34a906 or later

Vendor Advisory: https://git.kernel.org/stable/c/75c5d9bce072abbbc09b701a49869ac23c34a906

Restart Required: Yes

Instructions:

1. Update to latest stable kernel from your distribution.
2. For custom kernels, apply commit 75c5d9bce072abbbc09b701a49869ac23c34a906.
3. Rebuild and install kernel.
4. Reboot system.

🔧 Temporary Workarounds

Disable isp1301 driver module

Prevent loading of vulnerable driver if not needed

echo 'blacklist isp1301' >> /etc/modprobe.d/blacklist.conf
rmmod isp1301

🧯 If You Can't Patch

  • Restrict physical USB access to prevent triggering the race condition
  • Implement strict user privilege controls to limit who can interact with USB devices

🔍 How to Verify

Check if Vulnerable:

Check whether the isp1301 module is loaded, and check the kernel version against the affected commit range:

lsmod | grep isp1301

Check Version:

uname -r

Verify Fix Applied:

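Verify that the kernel source includes the fix commit. Run this inside the git checkout the kernel was built from; it prints the full hash when the commit is in the history:

git log --format=%H | grep '75c5d9bce072abbbc09b701a49869ac23c34a906'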
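
The workaround and the "Check if Vulnerable" step both depend on how the driver is actually present on the host: a modprobe.d rule only takes effect when it names the module exactly as the kernel build does, and it has no effect on a driver compiled into the kernel. The script below is an added example, not part of the advisory or the kernel project; the function names and state labels are its own, and it derives module names from the host instead of assuming one.

```sh
#!/bin/sh
# Added example (not from the advisory): report how an isp1301 driver is
# present on a host and whether a modprobe.d rule really covers it.

# Print normalised names (dash -> underscore) of modules matching "isp1301".
# $1: a /proc/modules, modules.builtin or modules.dep style file.
isp1301_names() {
    [ -r "$1" ] || return 0
    awk '{ n = $1; sub(/:$/, "", n); sub(/.*\//, "", n); sub(/\.ko.*$/, "", n)
           gsub(/-/, "_", n); if (n ~ /isp1301/) print n }' "$1" | sort -u
}

# Succeed if directory $3 holds a rule of kind $1 (blacklist|install) naming
# module $2. An install rule only counts when it runs /bin/false or /bin/true.
isp1301_rule() {
    cat "$3"/*.conf 2>/dev/null | awk -v k="$1" -v m="$2" '
        { name = $2; gsub(/-/, "_", name) }
        $1 == k && name == m &&
            (k == "blacklist" || $3 ~ /^\/(usr\/)?bin\/(false|true)$/) { found = 1 }
        END { exit !found }'
}

# One line per finding: "<module> <state>".
#   loaded         in memory now; rmmod or reboot still needed
#   builtin        compiled in; modprobe.d rules cannot remove it
#   blocked        install rule; modprobe runs /bin/false instead of loading
#   autoload-only  blacklist rule; explicit modprobe still loads it
#   loadable       on disk with no matching rule
# $1 /proc/modules  $2 modules.builtin  $3 modules.dep  $4 modprobe.d dir
isp1301_report() {
    for n in $(isp1301_names "$1"); do echo "$n loaded"; done
    for n in $(isp1301_names "$2"); do echo "$n builtin"; done
    for n in $(isp1301_names "$3"); do
        if   isp1301_rule install   "$n" "$4"; then echo "$n blocked"
        elif isp1301_rule blacklist "$n" "$4"; then echo "$n autoload-only"
        else echo "$n loadable"; fi
    done
}

# Live host (only /etc/modprobe.d is read here; modprobe also consults
# /lib/modprobe.d and /run/modprobe.d).
kdir="/lib/modules/$(uname -r)"
isp1301_report /proc/modules "$kdir/modules.builtin" "$kdir/modules.dep" /etc/modprobe.d
```

No output means no module with isp1301 in its name is loaded, built in, or installed for the running kernel.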

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • USB subsystem errors in dmesg
  • System crash logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("isp1301" OR "use-after-free" OR "general protection fault")
