CVE-2025-40140

Linux Kernel - Denial of Service via netif_wake_queue in rtl8150_set_multicast

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb. This is the sequence of events that leads to the warning: rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); } rtl8150_set_multicast() { netif_stop_queue(); netif_wake_queue(); <-- wakes up TX queue before URB is done } rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); <-- double submission } rtl8150_set_multicast being the ndo_set_rx_mode callback should not be calling netif_stop_queue and notif_start_queue as these handle TX queue synchronization. The net core function dev_set_rx_mode handles the synchronization for rtl8150_set_multicast making it safe to remove these locks.

Scores

EPSS 0.0021
EPSS Percentile 10.8%

Details

Status published
Products (25)
linux/Kernel 2.6.12 - 5.4.301linux
linux/Kernel 5.11.0 - 5.15.195linux
linux/Kernel 5.16.0 - 6.1.156linux
linux/Kernel 5.5.0 - 5.10.246linux
linux/Kernel 6.13.0 - 6.17.3linux
linux/Kernel 6.2.0 - 6.6.112linux
linux/Kernel 6.7.0 - 6.12.53linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 114e05344763a102a8844efd96ec06ba99293ccd
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 1a08a37ac03d07a1608a1592791041cac979fbc3
... and 15 more
Published Nov 12, 2025
Tracked Since Feb 18, 2026