#VU121527 Input validation error in Linux kernel - CVE-2025-71108
Published: January 14, 2026
Vulnerability identifier: #VU121527
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-71108
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ucsi_init() function in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/132fe187e0d940f388f839fe2cde9b84106ad20d
- https://git.kernel.org/stable/c/3042a57a8e8bce4a3100c3f6f03dc372aab24943
- https://git.kernel.org/stable/c/30cd2cb1abf4c4acdb1ddb468c946f68939819fb
- https://git.kernel.org/stable/c/914605b0de8128434eafc9582445306830748b93
- https://git.kernel.org/stable/c/f72f97d0aee4a993a35f2496bca5efd24827235d