CVE-2025-22050

MEDIUM

Linux Kernel - NULL Pointer Dereference in USB Networking rx_complete

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rx_complete Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This inconsistency creates a race condition where: A URB request may succeed, but the corresponding SKB data fails to be queued. Subsequent processes: (e.g., rx_complete → defer_bh → __skb_unlink(skb, list)) attempt to access skb->next, triggering a NULL pointer dereference (Kernel Panic).

References (8)

Core 8

Scores

CVSS v3 4.7
EPSS 0.0016
EPSS Percentile 5.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (30)
linux/Kernel < 5.15.180linux
linux/Kernel 5.16.0 - 6.1.134linux
linux/Kernel 6.12.0 - 6.13.11linux
linux/Kernel 6.13.0 - 6.14.2linux
linux/Kernel 6.2.0 - 6.6.87linux
linux/Kernel 6.7.0 - 6.12.23linux
Linux/Linux < 6.12
Linux/Linux 04e906839a053f092ef53f4fb2d610983412b904 - 0c30988588b28393e3e8873d5654f910e86391ba
Linux/Linux 04e906839a053f092ef53f4fb2d610983412b904 - 51de3600093429e3b712e5f091d767babc5dd6df
Linux/Linux 04e906839a053f092ef53f4fb2d610983412b904 - d689645cd1594ea1d13cb0c404f8ad1011353e0e
... and 20 more
Published Apr 16, 2025
Tracked Since Feb 18, 2026