SB20260114184 - Input validation error in Linux kernel typec ucsi driver
Published: January 14, 2026
Security Bulletin ID
SB20260114184
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2025-71108)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ucsi_init() function in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/132fe187e0d940f388f839fe2cde9b84106ad20d
- https://git.kernel.org/stable/c/3042a57a8e8bce4a3100c3f6f03dc372aab24943
- https://git.kernel.org/stable/c/30cd2cb1abf4c4acdb1ddb468c946f68939819fb
- https://git.kernel.org/stable/c/914605b0de8128434eafc9582445306830748b93
- https://git.kernel.org/stable/c/f72f97d0aee4a993a35f2496bca5efd24827235d