CVE-2025-71272: Resource Leak in Linux Kernel
Platform
linux
Component
linux-kernel
Fixed version
af0b99b2214a10554adb5b868240d23af6e64e71
CVE-2025-71272 addresses a resource leak vulnerability within the Linux Kernel. This flaw occurs in the most_register_interface() function, where memory allocated for the interface is not properly released when an error occurs before device registration. This can lead to a denial-of-service condition as system resources are depleted. The vulnerability affects Linux Kernel versions 5.6 up to and including af0b99b2214a10554adb5b868240d23af6e64e71, and a fix is available in the specified version.
Impact and attack scenarios
The core impact of CVE-2025-71272 is a denial-of-service (DoS). Repeated calls to most_register_interface() that fail can progressively consume system memory. Eventually, this can exhaust available resources, causing the system to become unresponsive or crash. While the vulnerability doesn't directly lead to code execution or data breaches, the resulting system instability can disrupt critical services and potentially lead to data loss if processes are terminated unexpectedly. The severity stems from the potential for widespread impact across systems relying on the affected Linux Kernel version, particularly in environments with high device registration activity.
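The leak pattern described above, reduced to a userspace C model (an added example, not the kernel's code or the upstream patch; `iface_model`, `setup_channels`, `register_leaky`, `register_fixed` and `leaked_after` are hypothetical names). Memory allocated at the start of registration is abandoned by an early error return, while the corrected form frees it on that path.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model of the bug class; every name here is hypothetical. */
static int live_allocs;              /* allocations not yet freed */
struct iface_model {
    int num_channels;
    void *state;                     /* allocated at the start of registration */
};
/* Stand-in for a step that can fail before the device is registered. */
static int setup_channels(const struct iface_model *i)
{
    return (i->num_channels > 0 && i->num_channels <= 16) ? 0 : -EINVAL;
}

/* Leaky form: on failure the error code is returned and i->state is abandoned. */
int register_leaky(struct iface_model *i)
{
    if (!(i->state = calloc(1, 64))) return -ENOMEM;
    live_allocs++;
    return setup_channels(i);        /* BUG: on error, state is never freed */
}

/* Corrected form: the error path releases what was allocated before returning. */
int register_fixed(struct iface_model *i)
{
    if (!(i->state = calloc(1, 64))) return -ENOMEM;
    live_allocs++;
    int ret = setup_channels(i);
    if (!ret) return 0;
    free(i->state);
    i->state = NULL;
    live_allocs--;
    return ret;
}

/* Run n failing registrations; return how many allocations were left behind. */
int leaked_after(int (*reg)(struct iface_model *), int n)
{
    int before = live_allocs;
    for (int k = 0; k < n; k++) { struct iface_model i = { .num_channels = 0 }; reg(&i); }
    return live_allocs - before;
}

int main(void)
{
    printf("leaky: %d  fixed: %d\n", leaked_after(register_leaky, 1000), leaked_after(register_fixed, 1000));
    return 0;
}
```

Each failed call to the leaky form leaves one allocation behind, which is why repeated failures add up to memory exhaustion.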
Exploitation status
CVE-2025-71272 is not currently listed in the KEV (Known Exploited Vulnerabilities) catalog and does not have a publicly available EPSS score. The absence of a score doesn't diminish the potential impact; it simply reflects a lack of current exploitation activity. Public proof-of-concept (PoC) code is not currently available, but the nature of the vulnerability, a resource leak, makes it potentially exploitable through targeted device registration attacks. The vulnerability was published on 2026-05-06.
Threat intelligence
Exploit status
EPSS
0.02% (7th percentile)
Affected software
Timeline
- Published
- Updated
- EPSS updated
Mitigation and workarounds
The primary mitigation for CVE-2025-71272 is to upgrade the Linux Kernel to version af0b99b2214a10554adb5b868240d23af6e64e71 or later. Before upgrading, it's crucial to review the release notes for any potential compatibility issues with existing drivers or applications. If a direct upgrade is not feasible due to compatibility concerns, consider temporarily limiting the number of device registration attempts to reduce the rate of resource exhaustion. While a WAF or proxy cannot directly mitigate this kernel-level vulnerability, ensuring proper resource limits and monitoring system memory usage can help detect and respond to potential DoS conditions. After upgrading, confirm the fix by monitoring system memory usage during device registration operations and verifying that no memory leaks occur.
How to fix
Upgrade the Linux kernel to version 5.6 or later, 6.12.1 or later, 6.18.1 or later, or 6.19.1 or later. This update fixes a resource leak in the most_register_interface function, which did not correctly release resources on error and could lead to excessive memory consumption.
Frequently asked questions
What is CVE-2025-71272 — Resource Leak in Linux Kernel?
CVE-2025-71272 is a vulnerability in the Linux Kernel where memory isn't released correctly during device registration errors, potentially leading to a denial-of-service. It affects versions 5.6–af0b99b2214a10554adb5b868240d23af6e64e71.
Am I affected by CVE-2025-71272 in Linux Kernel?
You are potentially affected if your system runs Linux Kernel versions 5.6 up to and including af0b99b2214a10554adb5b868240d23af6e64e71. Check your kernel version using 'uname -r'.
How do I fix CVE-2025-71272 in Linux Kernel?
Upgrade your Linux Kernel to version af0b99b2214a10554adb5b868240d23af6e64e71 or later. Review release notes for compatibility before upgrading.
Is CVE-2025-71272 being actively exploited?
There is currently no public evidence of active exploitation or available proof-of-concept code, but the vulnerability's nature makes it potentially exploitable.
Where can I find the official Linux advisory for CVE-2025-71272?
Refer to the Linux Kernel security announcements and the NVD (National Vulnerability Database) for official information: https://nvd.nist.gov/vuln/detail/CVE-2025-71272