Analysis pending: CVE-2025-71272

CVE-2025-71272: Resource Leak in Linux Kernel

Platform

linux

Component

linux-kernel

Fixed in

af0b99b2214a10554adb5b868240d23af6e64e71

CVE-2025-71272 addresses a resource leak vulnerability within the Linux Kernel. This flaw occurs in the most_register_interface() function, where memory allocated for the interface is not properly released when an error occurs before device registration. This can lead to a denial-of-service condition as system resources are depleted. The vulnerability affects Linux Kernel versions 5.6 up to and including af0b99b2214a10554adb5b868240d23af6e64e71, and a fix is available in the specified version.

Impact and Attack Scenarios

The core impact of CVE-2025-71272 is a denial-of-service (DoS). Repeated calls to most_register_interface() that fail can progressively consume system memory. Eventually, this can exhaust available resources, causing the system to become unresponsive or crash. While the vulnerability doesn't directly lead to code execution or data breaches, the resulting system instability can disrupt critical services and potentially lead to data loss if processes are terminated unexpectedly. The severity stems from the potential for widespread impact across systems relying on the affected Linux Kernel version, particularly in environments with high device registration activity.

Exploitation Context

CVE-2025-71272 is not currently listed in the CISA KEV (Known Exploited Vulnerabilities) catalog and does not have a publicly available EPSS score. The absence of a score doesn't diminish the potential impact; it simply reflects a lack of current exploitation activity. Public proof-of-concept (PoC) code is not currently available, but the nature of the vulnerability, a resource leak, makes it potentially exploitable through targeted device registration attacks. The vulnerability was published on 2026-05-06.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No

EPSS

0.02% (7th percentile)

Affected Software

Component: linux-kernel
Vendor: Linux
Minimum version: 5.6
Maximum version: af0b99b2214a10554adb5b868240d23af6e64e71
Fixed in: af0b99b2214a10554adb5b868240d23af6e64e71

Timeline

  1. Published
  2. Modified
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-71272 is to upgrade the Linux Kernel to version af0b99b2214a10554adb5b868240d23af6e64e71 or later. Before upgrading, it's crucial to review the release notes for any potential compatibility issues with existing drivers or applications. If a direct upgrade is not feasible due to compatibility concerns, consider temporarily limiting the number of device registration attempts to reduce the rate of resource exhaustion. While a WAF or proxy cannot directly mitigate this kernel-level vulnerability, ensuring proper resource limits and monitoring system memory usage can help detect and respond to potential DoS conditions. After upgrading, confirm the fix by monitoring system memory usage during device registration operations and verifying that no memory leaks occur.
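
One way to carry out the memory check described above, as an added example that is not from the original advisory or the kernel project: it compares SUnreclaim (unreclaimable slab memory) across /proc/meminfo snapshots taken while device registration is exercised. The snapshots, the function names and the 4096 kB threshold are constructed for illustration, and the code assumes the leaked allocation is slab-backed and therefore visible in SUnreclaim.

```python
"""Added example: flag steady SUnreclaim growth across /proc/meminfo snapshots."""
import re

# Constructed snapshots (not from a real host), trimmed to the relevant fields.
# Each one stands for /proc/meminfo read after a batch of registration attempts.
SNAPSHOTS_LEAKING = [
    "MemTotal: 8000000 kB\nSlab: 210000 kB\nSUnreclaim: 120000 kB\n",
    "MemTotal: 8000000 kB\nSlab: 216600 kB\nSUnreclaim: 126500 kB\n",
    "MemTotal: 8000000 kB\nSlab: 223000 kB\nSUnreclaim: 133100 kB\n",
    "MemTotal: 8000000 kB\nSlab: 229900 kB\nSUnreclaim: 139800 kB\n",
]
SNAPSHOTS_STABLE = [
    "MemTotal: 8000000 kB\nSlab: 210000 kB\nSUnreclaim: 120000 kB\n",
    "MemTotal: 8000000 kB\nSlab: 211500 kB\nSUnreclaim: 121200 kB\n",
    "MemTotal: 8000000 kB\nSlab: 209700 kB\nSUnreclaim: 119800 kB\n",
    "MemTotal: 8000000 kB\nSlab: 210300 kB\nSUnreclaim: 120400 kB\n",
]

# Matches "Name:   12345 kB" as well as unit-less lines such as HugePages_Total.
_LINE = re.compile(r"^(\w+(?:\(\w+\))?):\s+(\d+)(?: kB)?$", re.M)


def parse_meminfo(text):
    """Return {field: value} from /proc/meminfo text (kB where a unit is given)."""
    return {m.group(1): int(m.group(2)) for m in _LINE.finditer(text)}


def sunreclaim_series(snapshots):
    """Extract the SUnreclaim value (kB) from each snapshot, in order."""
    return [parse_meminfo(s)["SUnreclaim"] for s in snapshots]


def leak_suspected(snapshots, min_growth_kb=4096):
    """True when SUnreclaim never drops and grows by at least min_growth_kb.

    Normal slab usage fluctuates; memory that is never freed only goes up.
    """
    series = sunreclaim_series(snapshots)
    if len(series) < 3:
        raise ValueError("need at least three snapshots to judge a trend")
    never_drops = all(b >= a for a, b in zip(series, series[1:]))
    return never_drops and (series[-1] - series[0]) >= min_growth_kb


if __name__ == "__main__":
    for name, snaps in (("leaking", SNAPSHOTS_LEAKING), ("stable", SNAPSHOTS_STABLE)):
        print(name, sunreclaim_series(snaps), "suspected:", leak_suspected(snaps))
```

On a real host, replace the constructed lists with the contents of /proc/meminfo read at intervals before and after the upgrade.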

How to Fix

Update the Linux kernel to version 5.6 or later, 6.12.1 or later, 6.18.1 or later, or 6.19.1 or later. This update fixes a resource leak in the most_register_interface function, which did not correctly release resources on error and could lead to excessive memory consumption.

Frequently Asked Questions

What is CVE-2025-71272 — Resource Leak in Linux Kernel?

CVE-2025-71272 is a vulnerability in the Linux Kernel where memory isn't released correctly during device registration errors, potentially leading to a denial-of-service. It affects versions 5.6–af0b99b2214a10554adb5b868240d23af6e64e71.

Am I affected by CVE-2025-71272 in Linux Kernel?

You are potentially affected if your system runs Linux Kernel versions 5.6 up to and including af0b99b2214a10554adb5b868240d23af6e64e71. Check your kernel version using 'uname -r'.

How do I fix CVE-2025-71272 in Linux Kernel?

Upgrade your Linux Kernel to version af0b99b2214a10554adb5b868240d23af6e64e71 or later. Review release notes for compatibility before upgrading.

Is CVE-2025-71272 being actively exploited?

There is currently no public evidence of active exploitation or available proof-of-concept code, but the vulnerability's nature makes it potentially exploitable.

Where can I find the official Linux advisory for CVE-2025-71272?

Refer to the Linux Kernel security announcements and the NVD (National Vulnerability Database) for official information: https://nvd.nist.gov/vuln/detail/CVE-2025-71272
