CVE-2025-71154

net: usb: rtl8150: fix memory leak on usb_submit_urb() failure

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocated async_req structure and URB are not freed, causing a memory leak. The completion callback async_set_reg_cb() is responsible for freeing these allocations, but it is only called after the URB is successfully submitted and completes (successfully or with error). If submission fails, the callback never runs and the memory is leaked. Fix this by freeing both the URB and the request structure in the error path when usb_submit_urb() fails.

INFO

Published Date :

2026-01-23T14:25:53.818Z

Last Modified :

2026-02-09T08:35:52.404Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2025-71154 vulnerability.

Vendors	Products
Linux	Linux Kernel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-71154.

URL	Resource
https://git.kernel.org/stable/c/12cab1191d9890097171156d06bfa8d31f1e39c8
https://git.kernel.org/stable/c/151403e903840c9cf06754097b6732c14f26c532
https://git.kernel.org/stable/c/2f966186b99550e3c665dbfb87b8314e30acea02
https://git.kernel.org/stable/c/4bd4ea3eb326608ffc296db12c105f92dc2f2190
https://git.kernel.org/stable/c/6492ad6439ff1a479fc94dc6052df3628faed8b6
https://git.kernel.org/stable/c/a4e2442d3c48355a84463342f397134f149936d7
https://git.kernel.org/stable/c/db2244c580540306d60ce783ed340190720cd429
https://lore.kernel.org/linux-cve-announce/2026012305-CVE-2025-71154-bc99@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71154
https://www.cve.org/CVERecord?id=CVE-2025-71154

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact