Linux Might Finally Disable The Microsoft RNDIS Protocol Drivers In 2026

Background on RNDIS

The Microsoft Remote Network Driver Interface Specification (RNDIS) has long been a staple for enabling Ethernet-like connectivity over USB, particularly for devices like early Android phones and Windows peripherals. However, its design flaws—rooted in Microsoft's original implementation for Windows XP and later—have made it a persistent security liability. Unlike standard USB Ethernet drivers, RNDIS operates in a "black box" mode where Linux and Android cannot inspect or validate packet integrity, creating opportunities for malicious actors to exploit the protocol.

Security Risks and Industry Shift

RNDIS's vulnerabilities became glaringly apparent in 2023, when researchers demonstrated how attackers could intercept or manipulate traffic between Linux systems and RNDIS devices. The protocol's lack of encryption and authentication mechanisms, combined with its opaque nature, made it a prime target for exploitation. Meanwhile, modern alternatives like USB Ethernet Class 2.0 and Bluetooth Low Energy (BLE) have rendered RNDIS obsolete for most use cases. Android, for instance, deprecated RNDIS support in 2017, leaving Linux as one of the last holdouts.

Kernel Developments

Greg Kroah-Hartman, Linux kernel maintainer, recently updated the rndis Git branch with two critical patches: one to disable all RNDIS drivers and another to address a host-side buffer overflow vulnerability. The proposed changes aim to eliminate RNDIS support entirely, forcing users to adopt secure alternatives. Kroah-Hartman emphasized that Windows systems older than XP can use standard USB protocols, and Android has already phased out RNDIS, leaving Linux as the final frontier.