CVE-2025-71108 (GCVE-0-2025-71108)

Vulnerability from cvelistv5 – Published: 2026-01-14 15:05 – Updated: 2026-01-14 15:05
VLAI?
Title
usb: typec: ucsi: Handle incorrect num_connectors capability
Summary
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to set this bit, and it can lead to a system not booting. Flag that the FW is not behaving correctly, and auto-fix the value so that the system boots correctly. Found on Lenovo P1 G8 during Linux enablement program. The FW will be fixed, but seemed worth addressing in case it hit platforms that aren't officially Linux supported.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f72f97d0aee4a993a35f2496bca5efd24827235d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 914605b0de8128434eafc9582445306830748b93 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3042a57a8e8bce4a3100c3f6f03dc372aab24943 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 132fe187e0d940f388f839fe2cde9b84106ad20d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 30cd2cb1abf4c4acdb1ddb468c946f68939819fb (git)
Create a notification for this product.
    Linux Linux Unaffected: 6.1.160 , ≤ 6.1.* (semver)
Unaffected: 6.6.120 , ≤ 6.6.* (semver)
Unaffected: 6.12.64 , ≤ 6.12.* (semver)
Unaffected: 6.18.3 , ≤ 6.18.* (semver)
Unaffected: 6.19-rc1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/typec/ucsi/ucsi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f72f97d0aee4a993a35f2496bca5efd24827235d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "914605b0de8128434eafc9582445306830748b93",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3042a57a8e8bce4a3100c3f6f03dc372aab24943",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "132fe187e0d940f388f839fe2cde9b84106ad20d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "30cd2cb1abf4c4acdb1ddb468c946f68939819fb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/typec/ucsi/ucsi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.160",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.120",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.64",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19-rc1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Handle incorrect num_connectors capability\n\nThe UCSI spec states that the num_connectors field is 7 bits, and the\n8th bit is reserved and should be set to zero.\nSome buggy FW has been known to set this bit, and it can lead to a\nsystem not booting.\nFlag that the FW is not behaving correctly, and auto-fix the value\nso that the system boots correctly.\n\nFound on Lenovo P1 G8 during Linux enablement program. The FW will\nbe fixed, but seemed worth addressing in case it hit platforms that\naren\u0027t officially Linux supported."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-14T15:05:56.553Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f72f97d0aee4a993a35f2496bca5efd24827235d"
        },
        {
          "url": "https://git.kernel.org/stable/c/914605b0de8128434eafc9582445306830748b93"
        },
        {
          "url": "https://git.kernel.org/stable/c/3042a57a8e8bce4a3100c3f6f03dc372aab24943"
        },
        {
          "url": "https://git.kernel.org/stable/c/132fe187e0d940f388f839fe2cde9b84106ad20d"
        },
        {
          "url": "https://git.kernel.org/stable/c/30cd2cb1abf4c4acdb1ddb468c946f68939819fb"
        }
      ],
      "title": "usb: typec: ucsi: Handle incorrect num_connectors capability",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-71108",
    "datePublished": "2026-01-14T15:05:56.553Z",
    "dateReserved": "2026-01-13T15:30:19.652Z",
    "dateUpdated": "2026-01-14T15:05:56.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-71108\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-01-14T15:15:59.867\",\"lastModified\":\"2026-01-14T16:25:12.057\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nusb: typec: ucsi: Handle incorrect num_connectors capability\\n\\nThe UCSI spec states that the num_connectors field is 7 bits, and the\\n8th bit is reserved and should be set to zero.\\nSome buggy FW has been known to set this bit, and it can lead to a\\nsystem not booting.\\nFlag that the FW is not behaving correctly, and auto-fix the value\\nso that the system boots correctly.\\n\\nFound on Lenovo P1 G8 during Linux enablement program. The FW will\\nbe fixed, but seemed worth addressing in case it hit platforms that\\naren\u0027t officially Linux supported.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/132fe187e0d940f388f839fe2cde9b84106ad20d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3042a57a8e8bce4a3100c3f6f03dc372aab24943\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/30cd2cb1abf4c4acdb1ddb468c946f68939819fb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/914605b0de8128434eafc9582445306830748b93\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f72f97d0aee4a993a35f2496bca5efd24827235d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.