PatchSiren cyber security CVE debrief
CVE-2025-71273 Linux CVE debrief
A MEDIUM severity vulnerability in the Linux kernel is tracked as CVE-2025-71273. The issue was resolved by switching rtw_set_supported_band() to device-managed memory allocations with devm_kmemdup(). This change also fixes a memory leak in rtw_register_hw(), where supported bands were not freed in the error path. The vulnerability has a CVSS score of 5.5.
- Vendor: Linux
- Product: Unknown
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-06
- Original CVE updated: 2026-06-05
- Advisory published: 2026-05-06
- Advisory updated: 2026-06-05
Who should care
Anyone running a Linux kernel older than the patched releases should be aware of this vulnerability. The affected versions are Linux kernel 5.2 to 6.12.75, 6.13 to 6.18.16, and 6.19 to 6.19.6.
Technical summary
The vulnerability is a memory leak in the rtw_register_hw() function, whose error path did not free the supported bands. The fix uses devm_kmemdup() in rtw_set_supported_band(), which simplifies the code and prevents the memory leak.
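The bug class described above, as an added example that is not taken from the kernel or from this advisory: a user-space C model of an error path that leaks plainly duplicated buffers, beside one that ties the copies to the device the way devm_kmemdup() does. All names (`dup_plain`, `dup_managed`, `dev_release`, `register_hw_model`) and the band data are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model only: every name below is hypothetical, not kernel code. */
struct res { struct res *next; void *ptr; };
struct dev { struct res *managed; void *band[2]; };
static int live_allocs;                      /* band copies not yet freed */

static void *dup_plain(const void *src, size_t n) {   /* models kmemdup() */
    void *p = malloc(n);
    if (p) { memcpy(p, src, n); live_allocs++; }
    return p;
}

/* Models devm_kmemdup(): the copy is recorded on the device's resource list. */
static void *dup_managed(struct dev *d, const void *src, size_t n) {
    struct res *r = malloc(sizeof(*r));
    if (!r || !(r->ptr = dup_plain(src, n))) { free(r); return NULL; }
    r->next = d->managed;
    d->managed = r;
    return r->ptr;
}

static void dev_release(struct dev *d) {  /* models devres cleanup at teardown */
    while (d->managed) {
        struct res *r = d->managed;
        d->managed = r->next;
        free(r->ptr); live_allocs--;
        free(r);
    }
}

/* Fails after copying the bands; returns copies still allocated after teardown. */
static int register_hw_model(int use_managed) {
    static const char tmpl[2][8] = { "band-a", "band-b" };   /* constructed */
    struct dev d = { 0 };
    live_allocs = 0;
    for (int i = 0; i < 2; i++)
        d.band[i] = use_managed ? dup_managed(&d, tmpl[i], sizeof(tmpl[i]))
                                : dup_plain(tmpl[i], sizeof(tmpl[i]));
    dev_release(&d);           /* error path frees nothing itself; only this runs */
    return live_allocs;
}

int main(void) {
    printf("plain leaks %d, managed leaks %d\n", register_hw_model(0), register_hw_model(1));
    return 0;
}
```

In the plain variant the two copies survive teardown because nothing in the error path frees them; in the managed variant the device's resource list releases them without any explicit cleanup code.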
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patches provided by the Linux kernel maintainers, available at: [ref-4], [ref-5], [ref-6], [ref-7]
Evidence notes
The CVE record and details can be found at: [cve-org]. The NVD detail page is available at: [nvd].
Official resources
- CVE-2025-71273 CVE record (CVE.org)
- CVE-2025-71273 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch)
- Mitigation or vendor reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch)
- Mitigation or vendor reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch)
- Mitigation or vendor reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch)
CVE-2025-71273 was published on 2026-05-06T12:16:27.330Z and modified on 2026-06-05T00:26:34.113Z.