CVE-2025-71272

Source
https://cve.org/CVERecord?id=CVE-2025-71272
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71272.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-71272
Downstream
Published
2026-05-06T11:27:05.998Z
Modified
2026-06-18T03:56:28.986759723Z
Summary
most: core: fix resource leak in most_register_interface error paths
Details

In the Linux kernel, the following vulnerability has been resolved:

most: core: fix resource leak in mostregisterinterface error paths

The function mostregisterinterface() did not correctly release resources if it failed early (before registering the device). In these cases, it returned an error code immediately, leaking the memory allocated for the interface.

Fix this by initializing the device early via deviceinitialize() and calling putdevice() on all error paths.

The mostregisterinterface() is expected to call putdevice() on error which frees the resources allocated in the caller. The putdevice() either calls releasemdev() or dim2release(), depending on the caller.

Switch to using deviceadd() instead of deviceregister() to handle the split initialization.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71272.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
723de0f9171eeb49a3ae98cae82ebbbb992b3a7c
Fixed
a49028a796d7b94f8e3ab9bd34b18f36be235459
Fixed
af0b99b2214a10554adb5b868240d23af6e64e71
Fixed
2f483f3817fb0e4209ac5de928778b1da0cc8574
Fixed
1f4c9d8a1021281750c6cda126d6f8a40cc24e71

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71272.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71272.json"