-

CVE-2025-40140

EPSS 0.06%
Veröffentlicht 12.11.2025 10:23:24
Zuletzt bearbeitet 12.11.2025 16:19:12
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast

syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb.
This is the sequence of events that leads to the warning:

rtl8150_start_xmit() {
	netif_stop_queue();
	usb_submit_urb(dev->tx_urb);
}

rtl8150_set_multicast() {
	netif_stop_queue();
	netif_wake_queue();		<-- wakes up TX queue before URB is done
}

rtl8150_start_xmit() {
	netif_stop_queue();
	usb_submit_urb(dev->tx_urb);	<-- double submission
}

rtl8150_set_multicast being the ndo_set_rx_mode callback should not be
calling netif_stop_queue and notif_start_queue as these handle
TX queue synchronization.

The net core function dev_set_rx_mode handles the synchronization
for rtl8150_set_multicast making it safe to remove these locks.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < cce3c0e21cdd15bcba5c35d3af1700186de8f187

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 1a08a37ac03d07a1608a1592791041cac979fbc3

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 54f8ef1a970a8376e5846ed90854decf7c00555d

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 114e05344763a102a8844efd96ec06ba99293ccd

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 6394bade9daab8e318c165fe43bba012bf13cd8e

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 6053e47bbf212b93c051beb4261d7d5a409d0ce3

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 9d72df7f5eac946f853bf49c428c4e87a17d91da

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 958baf5eaee394e5fd976979b0791a875f14a179

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.12

Status affected

Version < 2.6.12

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.301

Status unaffected

Version <= 5.10.*

Version 5.10.246

Status unaffected

Version <= 5.15.*

Version 5.15.195

Status unaffected

Version <= 6.1.*

Version 6.1.156

Status unaffected

Version <= 6.6.*

Version 6.6.112

Status unaffected

Version <= 6.12.*

Version 6.12.53

Status unaffected

Version <= 6.17.*

Version 6.17.3

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.193

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/cce3c0e21cdd15bcba5c35d3af1700186de8f187

https://git.kernel.org/stable/c/1a08a37ac03d07a1608a1592791041cac979fbc3

https://git.kernel.org/stable/c/54f8ef1a970a8376e5846ed90854decf7c00555d

https://git.kernel.org/stable/c/114e05344763a102a8844efd96ec06ba99293ccd

https://git.kernel.org/stable/c/6394bade9daab8e318c165fe43bba012bf13cd8e

https://git.kernel.org/stable/c/6053e47bbf212b93c051beb4261d7d5a409d0ce3

https://git.kernel.org/stable/c/9d72df7f5eac946f853bf49c428c4e87a17d91da

https://git.kernel.org/stable/c/958baf5eaee394e5fd976979b0791a875f14a179

https://nvd.nist.gov/vuln/detail/CVE-2025-40140

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40140

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40140

EUVD