CVE-2025-71157

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's RDMA/core component related to reference counting within the ib del sub device and put() function. Specifically, the code fails to drop a device reference count acquired by ib device get by index() before returning an error, potentially leading to resource leaks or other issues. This issue was introduced with commit 060c642b2ab8, which added support for adding and deleting sub IB devices through netlink. The function ib del sub device and put() is involved in the process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-911

Related Identifiers

BDU:2026-04911

CVE-2025-71157

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

USN-8177-1

USN-8177-2

USN-8183-1

USN-8183-2

USN-8245-1

USN-8257-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-71157

Weakness Enumeration

Related Identifiers

Affected Products

References · 717