Login Sign Up

CVE-2025-71154

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's rtl8150 USB Ethernet driver. When USB URB submission fails in async_set_registers(), the driver doesn't properly free allocated memory structures, causing gradual memory exhaustion. This affects Linux systems using the rtl8150 driver for Realtek USB Ethernet adapters.

💻 Affected Systems

Products:
  • Linux kernel rtl8150 USB Ethernet driver
Versions: Linux kernel versions containing vulnerable rtl8150 driver code before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using rtl8150 driver for Realtek USB Ethernet adapters; driver may be built as module or compiled into kernel

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel panic/crash.

🟠

Likely Case

Gradual memory consumption over time leading to system performance degradation and eventual denial of service requiring reboot.

🟢

If Mitigated

Minimal impact with proper memory monitoring and system hardening; memory leak would be contained and detected.

🌐 Internet-Facing: LOW - Requires local access or USB device connection; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires physical USB device connection or local system access; could be exploited by malicious insiders or through compromised USB devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires ability to trigger USB URB submission failures repeatedly

Exploitation requires local access or ability to connect USB devices; memory leak is triggered on specific error conditions

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing commits: 12cab1191d9890097171156d06bfa8d31f1e39c8, 151403e903840c9cf06754097b6732c14f26c532, 2f966186b99550e3c665dbfb87b8314e30acea02, 4bd4ea3eb326608ffc296db12c105f92dc2f2190, 6492ad6439ff1a479fc94dc6052df3628faed8b6

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Rebuild kernel if using custom kernel. 3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable rtl8150 driver

linux

Prevent loading of vulnerable driver module

echo 'blacklist rtl8150' >> /etc/modprobe.d/blacklist.conf
rmmod rtl8150

Avoid using affected USB adapters

linux

Disconnect Realtek USB Ethernet adapters using rtl8150 driver

🧯 If You Can't Patch

  • Monitor kernel memory usage for abnormal increases
  • Implement strict USB device policies to prevent unauthorized USB Ethernet adapter connections

🔍 How to Verify

Check if Vulnerable:

Check if rtl8150 module is loaded: lsmod | grep rtl8150. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Test with USB Ethernet adapter while monitoring memory usage.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • Memory allocation failures in dmesg
  • USB error messages related to rtl8150

Network Indicators:

  • Unusual memory consumption patterns on systems with USB Ethernet adapters

SIEM Query:

source="kernel" AND ("rtl8150" OR "oom-killer" OR "out of memory")

📊 Metadata

CVE ID: CVE-2025-71154
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
EPSS Score: 0.03% exploit probability (8.9th percentile)
Published: January 23, 2026
Last Updated: February 26, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-71154, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)