CVE-2025-71272: Resource Leak in Linux Kernel

The core impact of CVE-2025-71272 is a denial-of-service (DoS). Repeated calls to mostregisterinterface() that fail can progressively consume system memory. Eventually, this can exhaust available resources, causing the system to become unresponsive or crash. While the vulnerability doesn't directly lead to code execution or data breaches, the resulting system instability can disrupt critical services and potentially lead to data loss if processes are terminated unexpectedly. The severity stems from the potential for widespread impact across systems relying on the affected Linux Kernel version, particularly in environments with high device registration activity.

1. 发布日期2026-05-06
2. 修改日期2026-05-11
3. EPSS 更新日期2026-05-13

The primary mitigation for CVE-2025-71272 is to upgrade the Linux Kernel to version af0b99b2214a10554adb5b868240d23af6e64e71 or later. Before upgrading, it's crucial to review the release notes for any potential compatibility issues with existing drivers or applications. If a direct upgrade is not feasible due to compatibility concerns, consider temporarily limiting the number of device registration attempts to reduce the rate of resource exhaustion. While a WAF or proxy cannot directly mitigate this kernel-level vulnerability, ensuring proper resource limits and monitoring system memory usage can help detect and respond to potential DoS conditions. After upgrading, confirm the fix by monitoring system memory usage during device registration operations and verifying that no memory leaks occur.