CVE-2025-71154

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-71154
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71154.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-71154
Downstream
Related
Published
2026-01-23T14:25:53.818Z
Modified
2026-03-20T12:46:38.861013Z
Summary
net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
Details

In the Linux kernel, the following vulnerability has been resolved:

net: usb: rtl8150: fix memory leak on usbsubmiturb() failure

In asyncsetregisters(), when usbsubmiturb() fails, the allocated async_req structure and URB are not freed, causing a memory leak.

The completion callback asyncsetreg_cb() is responsible for freeing these allocations, but it is only called after the URB is successfully submitted and completes (successfully or with error). If submission fails, the callback never runs and the memory is leaked.

Fix this by freeing both the URB and the request structure in the error path when usbsubmiturb() fails.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/71xxx/CVE-2025-71154.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4d12997a9bb3d217ad4b925ec3074ec89364bf95
Fixed
a4e2442d3c48355a84463342f397134f149936d7
Fixed
2f966186b99550e3c665dbfb87b8314e30acea02
Fixed
db2244c580540306d60ce783ed340190720cd429
Fixed
4bd4ea3eb326608ffc296db12c105f92dc2f2190
Fixed
6492ad6439ff1a479fc94dc6052df3628faed8b6
Fixed
151403e903840c9cf06754097b6732c14f26c532
Fixed
12cab1191d9890097171156d06bfa8d31f1e39c8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-71154.json"