CVE-2025-71272
Resource Leak in Linux Kernel most_register_interface
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's most_register_interface() function, where it fails to properly release allocated resources if an error occurs early in the process before the device is registered.
Specifically, when most_register_interface() encounters an error, it returns immediately without freeing the memory allocated for the interface, causing a resource (memory) leak.
The fix involves initializing the device early using device_initialize() and ensuring put_device() is called on all error paths to free resources. Additionally, the function now uses device_add() instead of device_register() to better handle initialization.
How can this vulnerability impact me? :
This vulnerability can lead to resource leaks in the Linux kernel, specifically memory leaks when the most_register_interface() function fails early.
Over time, these leaks could accumulate, potentially degrading system performance or causing instability due to exhausted memory resources.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the most_register_interface() function has been fixed. The fix involves proper resource management by initializing the device early with device_initialize(), using device_add() instead of device_register(), and ensuring put_device() is called on all error paths to prevent resource leaks.