CVE-2025-71108

MEDIUM EPSS 2.4%
Published Jan 14, 20265mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 14, 2026 5mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to set this bit, and it can lead to a system not booting. Flag that the FW is not behaving correctly, and auto-fix the value so that the system boots correctly. Found on Lenovo P1 G8 during Linux enablement program. The FW will be fixed, but seemed worth addressing in case it hit platforms that aren't officially Linux supported.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 15

VendorProductVersionRange
linuxlinux_kernel*≥4.13.1  –  <5.10.248
linuxlinux_kernel*≥5.11  –  <5.15.198
linuxlinux_kernel*≥5.16  –  <6.1.160
linuxlinux_kernel*≥6.2  –  <6.6.120
linuxlinux_kernel*≥6.7  –  <6.12.64
linuxlinux_kernel*≥6.13  –  <6.18.3
linuxlinux_kernel4.13any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/07c8d2a109d847775b3b4e2c3294c8e1eea75432
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/132fe187e0d940f388f839fe2cde9b84106ad20d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3042a57a8e8bce4a3100c3f6f03dc372aab24943
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/30cd2cb1abf4c4acdb1ddb468c946f68939819fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/58941bbb0050e365a98c64f1fc4a9a0ac127dba6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/914605b0de8128434eafc9582445306830748b93
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f72f97d0aee4a993a35f2496bca5efd24827235d
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/07c8d2a109d847775b3b4e2c3294c8e1eea75432
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/132fe187e0d940f388f839fe2cde9b84106ad20d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3042a57a8e8bce4a3100c3f6f03dc372aab24943
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/30cd2cb1abf4c4acdb1ddb468c946f68939819fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/58941bbb0050e365a98c64f1fc4a9a0ac127dba6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/914605b0de8128434eafc9582445306830748b93
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f72f97d0aee4a993a35f2496bca5efd24827235d
    Patch