5.5

CVE-2025-71108

usb: typec: ucsi: Handle incorrect num_connectors capability

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: ucsi: Handle incorrect num_connectors capability

The UCSI spec states that the num_connectors field is 7 bits, and the
8th bit is reserved and should be set to zero.
Some buggy FW has been known to set this bit, and it can lead to a
system not booting.
Flag that the FW is not behaving correctly, and auto-fix the value
so that the system boots correctly.

Found on Lenovo P1 G8 during Linux enablement program. The FW will
be fixed, but seemed worth addressing in case it hit platforms that
aren't officially Linux supported.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.13.1 < 5.10.248
LinuxLinux Kernel Version >= 5.11 < 5.15.198
LinuxLinux Kernel Version >= 5.16 < 6.1.160
LinuxLinux Kernel Version >= 6.2 < 6.6.120
LinuxLinux Kernel Version >= 6.7 < 6.12.64
LinuxLinux Kernel Version >= 6.13 < 6.18.3
LinuxLinux Kernel Version4.13 Update-
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
LinuxLinux Kernel Version6.19 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/132fe187e0d940f388f839fe2cde9b84106ad20d
Patch
https://git.kernel.org/stable/c/3042a57a8e8bce4a3100c3f6f03dc372aab24943
Patch
https://git.kernel.org/stable/c/30cd2cb1abf4c4acdb1ddb468c946f68939819fb
Patch
https://git.kernel.org/stable/c/914605b0de8128434eafc9582445306830748b93
Patch
https://git.kernel.org/stable/c/f72f97d0aee4a993a35f2496bca5efd24827235d
Patch
https://git.kernel.org/stable/c/07c8d2a109d847775b3b4e2c3294c8e1eea75432
Patch
https://git.kernel.org/stable/c/58941bbb0050e365a98c64f1fc4a9a0ac127dba6
Patch