AZL-78431

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78431.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-78431

Upstream

CVE-2025-71154

Published

2026-01-23T15:16:06Z

Modified

2026-04-01T05:23:14.546792Z

Summary

CVE-2025-71154 affecting package kernel for versions less than 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

net: usb: rtl8150: fix memory leak on usbsubmiturb() failure

In asyncsetregisters(), when usbsubmiturb() fails, the allocated async_req structure and URB are not freed, causing a memory leak.

The completion callback asyncsetreg_cb() is responsible for freeing these allocations, but it is only called after the URB is successfully submitted and completes (successfully or with error). If submission fails, the callback never runs and the memory is leaked.

Fix this by freeing both the URB and the request structure in the error path when usbsubmiturb() fails.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-71154

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-78431.json"