CVE-2025-71272: Resource Leak in Linux Kernel
Platform
linux
Component
linux-kernel
Fixed in
af0b99b2214a10554adb5b868240d23af6e64e71
CVE-2025-71272 addresses a resource leak vulnerability within the Linux Kernel. This flaw occurs in the most_register_interface() function, where memory allocated for the interface is not properly released when an error occurs before device registration. This can lead to a denial-of-service condition as system resources are depleted. The vulnerability affects Linux Kernel versions 5.6 up to and including af0b99b2214a10554adb5b868240d23af6e64e71, and a fix is available in the specified version.
Impact and Attack Scenarios
The core impact of CVE-2025-71272 is a denial-of-service (DoS). Repeated calls to most_register_interface() that fail can progressively consume system memory. Eventually, this can exhaust available resources, causing the system to become unresponsive or crash. While the vulnerability doesn't directly lead to code execution or data breaches, the resulting system instability can disrupt critical services and potentially lead to data loss if processes are terminated unexpectedly. The severity stems from the potential for widespread impact across systems relying on the affected Linux Kernel version, particularly in environments with high device registration activity.
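The leak pattern described above, as an added user-space model (not code from the kernel or from this advisory): an allocation made during setup is dropped when validation fails before registration, and the fixed variant releases it on that path. All names here (`model_iface`, `register_leaky`, `register_fixed`, the `num_channels` check) are hypothetical and chosen only for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: every name below is hypothetical, not kernel code. */
static long live_allocs;                 /* allocations not yet freed */
static void *tracked_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void tracked_free(void *p) { if (p) { free(p); live_allocs--; } }

struct model_iface {
    int num_channels;                    /* <= 0 models an invalid interface */
    void *priv;                          /* state allocated during setup */
};

/* Leaky shape: the validation failure returns without undoing the allocation. */
static int register_leaky(struct model_iface *iface)
{
    iface->priv = tracked_alloc(64);
    if (!iface->priv)
        return -1;
    if (iface->num_channels <= 0)
        return -2;                       /* error before registration: priv is lost */
    return 0;                            /* registered; freed later on unregister */
}

/* Fixed shape: the exit taken before registration releases what was allocated. */
static int register_fixed(struct model_iface *iface)
{
    iface->priv = tracked_alloc(64);
    if (!iface->priv)
        return -1;
    if (iface->num_channels > 0)
        return 0;
    tracked_free(iface->priv);
    iface->priv = NULL;
    return -2;
}

/* Run n failing registrations; return how many allocations stayed outstanding. */
static long leaked_after(int (*reg)(struct model_iface *), int n)
{
    long before = live_allocs;
    for (int i = 0; i < n; i++) {
        struct model_iface iface = { .num_channels = 0, .priv = NULL };
        reg(&iface);
    }
    return live_allocs - before;
}

int main(void) { printf("leaky=%ld fixed=%ld\n", leaked_after(register_leaky, 1000), leaked_after(register_fixed, 1000)); return 0; }
```

The outstanding-allocation count grows by one per failed call in the leaky variant and stays flat in the fixed one, which is the same signal to look for when watching memory use across repeated registration failures.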
Exploitation Context
CVE-2025-71272 is not currently listed on KEV (Kernel Exploitability Vulnerability) and does not have a publicly available EPSS score. The absence of a score doesn't diminish the potential impact; it simply reflects a lack of current exploitation activity. Public proof-of-concept (PoC) code is not currently available, but the nature of the vulnerability—a resource leak—makes it potentially exploitable through targeted device registration attacks. The vulnerability was published on 2026-05-06.
Threat Intelligence
Exploit Status
EPSS
0.02% (7th percentile)
Affected Software
Timeline
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2025-71272 is to upgrade the Linux Kernel to version af0b99b2214a10554adb5b868240d23af6e64e71 or later. Before upgrading, it's crucial to review the release notes for any potential compatibility issues with existing drivers or applications. If a direct upgrade is not feasible due to compatibility concerns, consider temporarily limiting the number of device registration attempts to reduce the rate of resource exhaustion. While a WAF or proxy cannot directly mitigate this kernel-level vulnerability, ensuring proper resource limits and monitoring system memory usage can help detect and respond to potential DoS conditions. After upgrading, confirm the fix by monitoring system memory usage during device registration operations and verifying that no memory leaks occur.
How to fix
Update the Linux kernel to version 5.6 or later, 6.12.1 or later, 6.18.1 or later, or 6.19.1 or later. This update fixes a resource leak in the most_register_interface function, which did not correctly release resources on error and could lead to excessive memory consumption.
Frequently Asked Questions
What is CVE-2025-71272 — Resource Leak in Linux Kernel?
CVE-2025-71272 is a vulnerability in the Linux Kernel where memory isn't released correctly during device registration errors, potentially leading to a denial-of-service. It affects versions 5.6–af0b99b2214a10554adb5b868240d23af6e64e71.
Am I affected by CVE-2025-71272 in Linux Kernel?
You are potentially affected if your system runs Linux Kernel versions 5.6 up to and including af0b99b2214a10554adb5b868240d23af6e64e71. Check your kernel version using 'uname -r'.
How do I fix CVE-2025-71272 in Linux Kernel?
Upgrade your Linux Kernel to version af0b99b2214a10554adb5b868240d23af6e64e71 or later. Review release notes for compatibility before upgrading.
Is CVE-2025-71272 being actively exploited?
There is currently no public evidence of active exploitation or available proof-of-concept code, but the vulnerability's nature makes it potentially exploitable.
Where can I find the official Linux advisory for CVE-2025-71272?
Refer to the Linux Kernel security announcements and the NVD (National Vulnerability Database) for official information: https://nvd.nist.gov/vuln/detail/CVE-2025-71272