VDB

DEBIAN-CVE-2025-40140

DEBIAN-CVE-2025-40140 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb. This is the sequence of events that leads to the warning: rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); } rtl8150_set_multicast() { netif_stop_queue(); netif_wake_queue(); <-- wakes up TX queue before URB is done } rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); <-- double submission } rtl8150_set_multicast being the ndo_set_rx_mode callback should not be calling netif_stop_queue and notif_start_queue as these handle TX queue synchronization. The net core function dev_set_rx_mode handles the synchronization for rtl8150_set_multicast making it safe to remove these locks.

Affected Products

VendorProductVersions
Debian:14linux6.12.38-1, 6.12.41-1, 6.12.43-1
Debian:11linux-6.1*, 6.1.153-1, 6.1.148-1
Debian:11linux5.10.162-1, 0, 5.10.103-1
Linuxlinux
Debian:12linux6.1.66-1, 6.1.64-1, 6.1.55-1~bpo11+1
Debian:13linux6.12.38-1, 6.12.43-1, 6.12.43-1~bpo12+1

Exploit Intelligence

Timeline

  • Nov 12, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›