Skip to main content

Linux Kernel CVE-2025-71273

| EUVDEUVD-2025-209673 MEDIUM
Memory Leak (CWE-401)
2026-05-06 Linux GHSA-gx72-jpcx-hm2h
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 13, 2026 - 00:00 vuln.today
CVSS changed
May 12, 2026 - 21:37 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:02 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()

Simplify the code by using device managed memory allocations.

This also fixes a memory leak in rtw_register_hw(). The supported bands were not freed in the error path.

Copied from commit 145df52a8671 ("wifi: rtw89: Convert rtw89_core_set_supported_band to use devm_*").

AnalysisAI

Memory leak in rtw88 WiFi driver allows local authenticated attackers to cause denial of service via supported band allocation failure. The rtw_set_supported_band() function in the rtl8821ce WiFi driver failed to free allocated memory in error paths during hardware registration, enabling a local privilege escalation attack that exhausts kernel memory. EPSS exploitation probability is very low (0.02%), indicating this is a hardening fix rather than a critical vulnerability.

Technical ContextAI

The rtw88 WiFi driver is part of the Linux kernel's 802.11 wireless subsystem. The vulnerability resides in rtw_register_hw(), which calls rtw_set_supported_band() to allocate memory for supported IEEE 802.11 bands (2.4 GHz, 5 GHz, 6 GHz). The original code used direct kmalloc() allocations without devm (device-managed) wrappers, meaning memory was not automatically freed if hardware registration failed. The fix converts to devm_kmemdup() which ties memory lifetime to the device object, ensuring cleanup on error or driver unload. CWE-401 (Missing Release of Memory after Effective Lifetime) classifies this as a resource management failure where allocated memory persists beyond its intended scope.

RemediationAI

Upgrade to Linux kernel version 6.12.75, 6.18.16, 6.19.6, or 7.0 (or newer) which contain the devm_kmemdup() conversion fix. For systems unable to upgrade immediately, disable the rtw88 driver module (rmmod rtw88) if an alternative WiFi driver is available, though this sacrifices wireless functionality on affected hardware. Alternatively, configure kernel memory limits via cgroup v2 memory.max to prevent kernel OOM killer from impacting critical services during prolonged operation. The canonical fix is available at git.kernel.org/stable/c/9b5418070ee8468fac9e8bf641c83d46b85bff30 for mainline integration. No workarounds mitigate the leak without code changes; only kernel upgrade eliminates the underlying memory management defect.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2025-71273 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy