CVE-2025-71157

EUVD-2026-4388
In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: always drop device refcount in ib_del_sub_device_and_put()

Since nldev_deldev() (introduced by commit 060c642b2ab8 ("RDMA/nldev: Add
support to add/delete a sub IB device through netlink") grabs a reference
using ib_device_get_by_index() before calling ib_del_sub_device_and_put(),
we need to drop that reference before returning -EOPNOTSUPP error.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.11 ≤
𝑥
< 6.12.64
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.4
linuxlinux_kernel
6.19:rc1
linuxlinux_kernel
6.19:rc2
linuxlinux_kernel
6.19:rc3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
fixed
bookworm (security)
6.1.164-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-1
fixed
forky
6.19.10-1
fixed
sid
6.19.10-1
fixed
trixie
6.12.73-1
fixed
trixie (security)
6.12.74-2
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/20436f2742a92b7afeb2504eb559a98d2196b001
https://git.kernel.org/stable/c/fa3c411d21ebc26ffd175c7256c37cefa35020aa
https://git.kernel.org/stable/c/fe8d456080423b9ed410469fbd1e2098d3acce2b