Android has had this disabled for many years so there should not be any real systems that still need this

I am not sure where did he get this information from but I just tested USB-tethering on my phone and `rndis_host` module gets loaded on my laptop. And my phone ain't old, it is Ulefone Power 5 which was first released at 2018 and I personally bought it around 2020.

So yeah, modern phones still require this support 🤷‍♂️

I would heavily suggest you put this on the making list, then.

This is going to prevent the use of many USB modems and tethering from the overwhelmingly vast majority of Android phones.

As it stands, currently the only phones that don't use RNDIS and instead use CDC NCM are the Pixel 6 and 7 lines of phones.
Android hasn't "had this disabled for many years", there are "real systems" that rely on RNDIS: it's over 99% of Android devices.
It's still the protocol chosen by vendors as it's the lowest common denominator. The Android developers haven't made any moves to remove or revise supported configurations so devices that are launching with Android 14 can still only implement RNDIS.

My question is still the same as when the patch first hit the mailing list, what vulnerability is there that is so catastrophic the only solution is to slowly remove support for it while the ones still implementing it are left in the dark.
Is it not possible to add the ability to not initialize the driver and USB interface if the device has not been trusted for that session? If it's going to be drummed on about untrusted devices being a vulnerability then why does the USB subsystem automatically trust them.

And there still has been no response to the issues or questions brought up by the sole person that NACKed the patch, the Google network developer. If it's going to be forced through anyway then why were the incorrect statements not removed or revised.

In the end distributions are still going to be building kernels with it, as plenty of users rely on it as the sole method of internet connection.

GKH doesn't care. Last time it came up on the mailing list any objections to this disabling hardware were either ignored or contended that there is no solution to the problem so it should be disabled anyway. Quoting my post from the last time this came up on Phoronix:



​The Google network engineer correctly asserted that many Android devices still only use the RNDIS gadget and thus require the RNDIS driver on the host in order for USB tethering to function, and that Android hasn't had this disabled and it's entirely on what the SoC vendor supports. GKH continues to ignore this and assumes Android has ceased using it, which is not true.

I don't know the currently supported protocols on recent phones like the Galaxy S23, but new Android phones are still a small drop in the bucket of billions of older Android devices.

As I said last time we're probably going to see distributions continue to use RNDIS and just revert the patch if it does make it in, as it would be a very breaking change for users relying on RNDIS to update and then have no internet and no recourse.
​

..... disable all Microsoft Remote Network Driver Interface Specification (RNDIS) drivers.......