DEBIAN-CVE-2025-40140
In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb. This is the sequence of events that leads to the warning: rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); } rtl8150_set_multicast() { netif_stop_queue(); netif_wake_queue(); <-- wakes up TX queue before URB is done } rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); <-- double submission } rtl8150_set_multicast being the ndo_set_rx_mode callback should not be calling netif_stop_queue and notif_start_queue as these handle TX queue synchronization. The net core function dev_set_rx_mode handles the synchronization for rtl8150_set_multicast making it safe to remove these locks.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | linux | 6.12.38-1, 6.12.41-1, 6.12.43-1 |
| Debian:11 | linux-6.1 | *, 6.1.153-1, 6.1.148-1 |
| Debian:11 | linux | 5.10.162-1, 0, 5.10.103-1 |
| Linux | linux | |
| Debian:12 | linux | 6.1.66-1, 6.1.64-1, 6.1.55-1~bpo11+1 |
| Debian:13 | linux | 6.12.38-1, 6.12.43-1, 6.12.43-1~bpo12+1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Nov 12, 2025 CVE Published
- Apr 28, 2026 CVE Updated