There’s activity again around potentially disabling and then ultimately removing the Linux kernel’s RNDIS drivers, meaning those that implement Microsoft’s Remote Network Driver Interface Specification (RNDIS) protocol. RNDIS was used atop USB for virtual Ethernet but has proven insecure and problematic.
Back in January 2023 there was a proposal to disable all of the RNDIS kernel drivers given the security implications of Remote NDIS. Some still wanted the RNDIS driver support to stick around, so it wasn’t until early 2024 that marking the RNDIS drivers as “BROKEN” was proposed again, only to be ultimately un-merged. With the start of 2025 quickly approaching, it looks like the matter of disabling/removing RNDIS drivers from the Linux kernel is set to come up again.
This week Greg Kroah-Hartman updated his “rndis-removal” Git branch within the USB.git repository, where all of the Linux kernel’s USB subsystem code is staged. For now the rndis-removal branch hasn’t been merged to the USB “next” branch, meaning it’s not yet queued up for introduction into the next kernel cycle, but the fact that he has rebased the branch against Linux 6.13-rc4 suggests that he’s looking at the topic again.
With the patch disabling all RNDIS protocol drivers, the patch message reads:
“The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on any system that uses it with untrusted hosts or devices. Because the protocol is impossible to make secure, just disable all rndis drivers to prevent anyone from using them again.
Windows only needed this for XP and newer systems, Windows systems older than that can use the normal USB class protocols instead, which do not have these problems.
Android has had this disabled for many years so there should not be any real systems that still need this.”
We’ll see if the RNDIS protocol drivers finally get the boot from the mainline Linux kernel in 2025…