CVE-2025-71272: Resource Leak in Linux Kernel
Platform
linux
Component
linux-kernel
Fixed in
af0b99b2214a10554adb5b868240d23af6e64e71
CVE-2025-71272 addresses a resource leak vulnerability discovered in the Linux kernel. Specifically, the most_register_interface() function failed to correctly release resources when encountering errors before completing device registration. This resulted in memory being allocated but not freed, potentially leading to memory exhaustion over time. The vulnerability affects kernel versions 5.6 and later and has been resolved in commit af0b99b2214a10554adb5b868240d23af6e64e71.
Impact and Attack Scenarios
The impact of CVE-2025-71272 is primarily memory exhaustion. Repeated calls to most_register_interface() under error conditions could gradually consume available memory, eventually leading to system instability or crashes. While not a direct code execution vulnerability, the resulting denial of service can disrupt critical system functions. The blast radius extends to any system running an affected Linux kernel version. The vulnerability's nature makes it particularly concerning in long-running systems or those with limited memory resources.
Exploitation Context
CVE-2025-71272 was published on 2026-05-06. Its presence on KEV or EPSS is unknown. Public proof-of-concept (POC) code is not currently available. Given the nature of the vulnerability (resource leak), exploitation would likely require repeated triggering of the affected function, making it less attractive for immediate exploitation but potentially dangerous in long-running systems.
Threat Analysis
Exploit Status
EPSS
0.02% (7th percentile)
Affected Software
Timeline
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2025-71272 is to upgrade to a kernel version containing the fix (af0b99b2214a10554adb5b868240d23af6e64e71). If an immediate upgrade is not feasible, consider monitoring system memory usage for unusual increases. While a direct workaround is unavailable, ensuring proper error handling and resource management in custom kernel modules can help prevent similar issues. After upgrading, verify the fix by observing system memory usage under load and confirming that the most_register_interface() function behaves as expected.
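The error-path leak class described above, as an added userspace C model (it is not the kernel's code and not the change made in the fix commit). All names, sizes and the `fail_at` switch are hypothetical; the model contrasts early returns that abandon allocations with a reverse-order unwind and counts what each leaves behind.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every name here is hypothetical, not kernel code. */
static int live_allocs;                      /* allocations not yet freed */
static void *t_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void t_free(void *p) { if (p) { live_allocs--; free(p); } }

struct iface { void *priv; void *channels; };

/* Leaky shape: each early return abandons what was allocated before it. */
static int register_leaky(struct iface *i, int fail_at)
{
    i->priv = t_alloc(64);
    if (!i->priv) return -1;
    if (fail_at == 1) return -1;             /* priv is leaked */
    i->channels = t_alloc(256);
    if (!i->channels) return -1;             /* priv is leaked */
    if (fail_at == 2) return -1;             /* priv and channels are leaked */
    return 0;
}

/* Hardened shape: one unwind ladder releases resources in reverse order. */
static int register_fixed(struct iface *i, int fail_at)
{
    i->priv = t_alloc(64);
    if (!i->priv) return -1;
    if (fail_at == 1) goto err_priv;
    i->channels = t_alloc(256);
    if (!i->channels) goto err_priv;
    if (fail_at == 2) goto err_channels;
    return 0;
err_channels:
    t_free(i->channels); i->channels = NULL;
err_priv:
    t_free(i->priv); i->priv = NULL;
    return -1;
}

/* Allocations left behind by one failed attempt (-1 if the call succeeded). */
static int leaked_after(int (*reg)(struct iface *, int), int fail_at)
{
    struct iface i = {0};
    int before = live_allocs, rc = reg(&i, fail_at), leaked = live_allocs - before;
    t_free(i.channels); t_free(i.priv);      /* harness cleanup so runs stay independent */
    return rc == 0 ? -1 : leaked;
}

int main(void) { printf("leaky=%d fixed=%d\n", leaked_after(register_leaky, 2), leaked_after(register_fixed, 2)); return 0; }
```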
How to Fix
Update the Linux kernel to version 5.6 or later, 6.12.1 or later, 6.18.1 or later, or 6.19.1 or later. This update fixes a resource leak in the most_register_interface function, which did not correctly release resources on error and could lead to excessive memory consumption.
Frequently Asked Questions
What is CVE-2025-71272 in Linux Kernel?
It's a resource leak vulnerability in the Linux kernel's most_register_interface function, leading to potential memory exhaustion.
Am I affected by CVE-2025-71272 in Linux Kernel?
If you're running a Linux kernel version 5.6 or later, you may be vulnerable. Check for kernel updates.
How do I fix CVE-2025-71272 in Linux Kernel?
Upgrade to a kernel version containing the fix (af0b99b2214a10554adb5b868240d23af6e64e71).
Is CVE-2025-71272 being actively exploited?
Currently, there are no reports of active exploitation campaigns targeting this vulnerability.
Where can I find the official Linux Kernel advisory for CVE-2025-71272?
Refer to the Linux kernel commit logs and security advisories from your Linux distribution.