7.8

CVE-2026-43180

net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode

In the Linux kernel, the following vulnerability has been resolved:

net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode

kaweth_set_rx_mode(), the ndo_set_rx_mode callback, calls
netif_stop_queue() and netif_wake_queue(). These are TX queue flow
control functions unrelated to RX multicast configuration.

The premature netif_wake_queue() can re-enable TX while tx_urb is still
in-flight, leading to a double usb_submit_urb() on the same URB:

kaweth_start_xmit() {
    netif_stop_queue();
    usb_submit_urb(kaweth->tx_urb);
}

kaweth_set_rx_mode() {
    netif_stop_queue();
    netif_wake_queue();             // wakes TX queue before URB is done
}

kaweth_start_xmit() {
    netif_stop_queue();
    usb_submit_urb(kaweth->tx_urb); // URB submitted while active
}

This triggers the WARN in usb_submit_urb():

  "URB submitted while active"

This is a similar class of bug fixed in rtl8150 by

- commit 958baf5eaee3 ("net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast").

Also kaweth_set_rx_mode() is already functionally broken, the
real set_rx_mode action is performed by kaweth_async_set_rx_mode(),
which in turn is not a no-op only at ndo_open() time.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.12.1 < 5.10.252
LinuxLinux Kernel Version >= 5.11 < 5.15.202
LinuxLinux Kernel Version >= 5.16 < 6.1.165
LinuxLinux Kernel Version >= 6.2 < 6.6.128
LinuxLinux Kernel Version >= 6.7 < 6.12.75
LinuxLinux Kernel Version >= 6.13 < 6.18.16
LinuxLinux Kernel Version >= 6.19 < 6.19.6
LinuxLinux Kernel Version2.6.12 Update-
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
LinuxLinux Kernel Version2.6.12 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.029
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/443a830b1dc4f85c7560da59d4494b629feee215
Patch
https://git.kernel.org/stable/c/586318c2730433184c6f1d21183e346ddf25e81d
Patch
https://git.kernel.org/stable/c/a2cd4b4db315a845a5603d08c9d03b11ddfc799d
Patch
https://git.kernel.org/stable/c/ef9b10a020503888eb6c8ed85a3d901a624ede4c
Patch
https://git.kernel.org/stable/c/9c79b839a63980c7da7ec5db895198045e154112
Patch
https://git.kernel.org/stable/c/fc393af769af845d9985e2845e49553d8f015a64
Patch
https://git.kernel.org/stable/c/8367c0e90126426e60581e4c07e1ec4411a0f843
Patch
https://git.kernel.org/stable/c/64868f5ecadeb359a49bc4485bfa7c497047f13a
Patch