2467061 – (CVE-2025-71272) CVE-2025-71272 kernel: most: core: fix resource leak in most_register_interface error paths

Bug 2467061 (CVE-2025-71272) - CVE-2025-71272 kernel: most: core: fix resource leak in most_register_interface error paths

Summary: CVE-2025-71272 kernel: most: core: fix resource leak in most_register_interfa...

Keywords:
Status:	NEW
Alias:	CVE-2025-71272
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-06 13:02 UTC by OSIDB Bzimport
Modified:	2026-05-06 16:39 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-06 13:02:10 UTC

In the Linux kernel, the following vulnerability has been resolved:

most: core: fix resource leak in most_register_interface error paths

The function most_register_interface() did not correctly release resources
if it failed early (before registering the device). In these cases, it
returned an error code immediately, leaking the memory allocated for the
interface.

Fix this by initializing the device early via device_initialize() and
calling put_device() on all error paths.

The most_register_interface() is expected to call put_device() on
error which frees the resources allocated in the caller. The
put_device() either calls release_mdev() or dim2_release(),
depending on the caller.

Switch to using device_add() instead of device_register() to handle
the split initialization.

Comment 1 Keith Grant 2026-05-06 16:37:15 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050617-CVE-2025-71272-85da@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.