In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocated async_req structure and URB are not freed, causing a memory leak. The completion callback async_set_reg_cb() is responsible for freeing these allocations, but it is only called after the URB is successfully submitted and completes (successfully or with error). If submission fails, the callback never runs and the memory is leaked. Fix this by freeing both the URB and the request structure in the error path when usb_submit_urb() fails.
Conclusion & alert: CVE-2025-71154 is rated Low Risk (22.7/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.11%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.02% | 0.11% | +0.09% |
| 2 | 2026-02-27 | 0.06% | 0.02% | -0.04% |
| 3 | 2026-02-18 | — | 0.06% | — |
Full EPSS history (4 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.5 | 3.1 | MEDIUM |
|
1.8 | 3.6 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2025-71154 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. | https://security-tracker.debian.org/tracker/CVE-2025-71154 |
redhat
|
low | — | https://access.redhat.com/security/cve/CVE-2025-71154 |
suse
|
medium | CVE-2025-71154 severity moderate: SUSE including 382 source package names (13.2-9.1:libsqlite3-0-3.49.1-1.1, 2.1.3-6.115:kernel-default-base-6.4.0-39.1.21.16, …), 560 product×package rows across 66 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (66 product lines)): Fixed 277, Known Affected 231, First Fixed 25, Will Not Fix 19, Known Not Affected 8. | https://www.suse.com/security/cve/CVE-2025-71154/ |
ubuntu
|
medium | CVE-2025-71154 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1413 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1018, ignored 173, released 150, needed 49, pending 12, not-affected 11. | https://ubuntu.com/security/CVE-2025-71154 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | >= 3.10.1, < 5.10.248 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.11, < 5.15.198 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.16, < 6.1.160 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.2, < 6.6.120 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.7, < 6.12.64 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.13, < 6.18.4 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | 3.10 | cpe:2.3:o:linux:linux_kernel:3.10:-:*:*:*:*:*:* |
| linux | linux_kernel | 3.10 | cpe:2.3:o:linux:linux_kernel:3.10:rc3:*:*:*:*:*:* |
| linux | linux_kernel | 3.10 | cpe:2.3:o:linux:linux_kernel:3.10:rc4:*:*:*:*:*:* |
| linux | linux_kernel | 3.10 | cpe:2.3:o:linux:linux_kernel:3.10:rc5:*:*:*:*:*:* |
| linux | linux_kernel | 3.10 | cpe:2.3:o:linux:linux_kernel:3.10:rc6:*:*:*:*:*:* |
| linux | linux_kernel | 3.10 | cpe:2.3:o:linux:linux_kernel:3.10:rc7:*:*:*:*:*:* |
| linux | linux_kernel | 6.19 | cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* |
| linux | linux_kernel | 6.19 | cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* |
| linux | linux_kernel | 6.19 | cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* |