CVE-2025-71108

usb: typec: ucsi: Handle incorrect num_connectors capability

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to set this bit, and it can lead to a system not booting. Flag that the FW is not behaving correctly, and auto-fix the value so that the system boots correctly. Found on Lenovo P1 G8 during Linux enablement program. The FW will be fixed, but seemed worth addressing in case it hit platforms that aren't officially Linux supported.

INFO

Published Date :

2026-01-14T15:05:56.553Z

Last Modified :

2026-02-09T08:35:02.075Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2025-71108 vulnerability.

Vendors	Products
Linux	Linux Kernel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-71108.

URL	Resource
https://git.kernel.org/stable/c/07c8d2a109d847775b3b4e2c3294c8e1eea75432
https://git.kernel.org/stable/c/132fe187e0d940f388f839fe2cde9b84106ad20d
https://git.kernel.org/stable/c/3042a57a8e8bce4a3100c3f6f03dc372aab24943
https://git.kernel.org/stable/c/30cd2cb1abf4c4acdb1ddb468c946f68939819fb
https://git.kernel.org/stable/c/58941bbb0050e365a98c64f1fc4a9a0ac127dba6
https://git.kernel.org/stable/c/914605b0de8128434eafc9582445306830748b93
https://git.kernel.org/stable/c/f72f97d0aee4a993a35f2496bca5efd24827235d
https://lore.kernel.org/linux-cve-announce/2026011411-CVE-2025-71108-2969@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71108
https://www.cve.org/CVERecord?id=CVE-2025-71108

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact