CVE-2026-23188

MEDIUM

Linux kernel - Buffer Overflow

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: r8152: fix resume reset deadlock

rtl8152 can trigger device reset during reset which potentially can result in a deadlock:

    **** DPM device timeout after 10 seconds; 15 seconds until panic ****
    Call Trace:
    <TASK>
    schedule+0x483/0x1370
    schedule_preempt_disabled+0x15/0x30
    __mutex_lock_common+0x1fd/0x470
    __rtl8152_set_mac_address+0x80/0x1f0
    dev_set_mac_address+0x7f/0x150
    rtl8152_post_reset+0x72/0x150
    usb_reset_device+0x1d0/0x220
    rtl8152_resume+0x99/0xc0
    usb_resume_interface+0x3e/0xc0
    usb_resume_both+0x104/0x150
    usb_resume+0x22/0x110

The problem is that rtl8152 resume calls reset under tp->control mutex while reset basically re-enters rtl8152 and attempts to acquire the same tp->control lock once again.

Reset INACCESSIBLE device outside of tp->control mutex scope to avoid recursive mutex_lock() deadlock.
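The lock ordering described above can be reproduced in user space. This is an added example, not code from the r8152 driver or the kernel fix. The names model_dev, model_reset, resume_reset_under_lock, resume_reset_outside_lock and run_model are hypothetical, and a pthread error-checking mutex stands in for tp->control so that the recursive acquisition is reported as EDEADLK rather than hanging.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
/* Constructed user-space model of the locking order; not r8152 driver code. */
struct model_dev {
    pthread_mutex_t control; /* stands in for tp->control */
    int inaccessible;        /* device must be reset on resume */
};

/* Models the reset path, which re-enters the driver and takes control. */
static int model_reset(struct model_dev *d) {
    int rc = pthread_mutex_lock(&d->control);
    if (rc) return rc;       /* EDEADLK: the caller already owns control */
    d->inaccessible = 0;
    return pthread_mutex_unlock(&d->control);
}

/* Pre-fix order: the reset is issued while control is still held. */
static int resume_reset_under_lock(struct model_dev *d) {
    int rc = 0;
    pthread_mutex_lock(&d->control);
    if (d->inaccessible) rc = model_reset(d);
    pthread_mutex_unlock(&d->control);
    return rc;
}

/* Fixed order: read the state under the lock, reset after dropping it. */
static int resume_reset_outside_lock(struct model_dev *d) {
    pthread_mutex_lock(&d->control);
    int need_reset = d->inaccessible;
    pthread_mutex_unlock(&d->control);
    return need_reset ? model_reset(d) : 0;
}

/* Runs one resume on a fresh device; returns 0 or an errno value.
 * ERRORCHECK makes a relock by the owner return EDEADLK instead of hanging. */
int run_model(int fixed) {
    struct model_dev d = { .inaccessible = 1 };
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    pthread_mutex_init(&d.control, &attr);
    pthread_mutexattr_destroy(&attr);
    int rc = fixed ? resume_reset_outside_lock(&d) : resume_reset_under_lock(&d);
    pthread_mutex_destroy(&d.control);
    return rc;
}
/* Exit status 0 when the model behaves as described. */
int main(void) { return !(run_model(0) == EDEADLK && run_model(1) == 0); }
```

A kernel mutex has no such error return: the second mutex_lock() by the same task simply blocks, which is what the DPM timeout in the trace shows.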

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 2.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-667
Status published
Products (12)
linux/Kernel 6.11.0 - 6.12.70
linux/Kernel 6.13.0 - 6.18.10
Linux/Linux < 6.11
Linux/Linux 4933b066fefbee4f1d2d708de53c4ab7f09026ad - 1b2efc593dca99d8e8e6f6d6c7ccd9a972679702
Linux/Linux 4933b066fefbee4f1d2d708de53c4ab7f09026ad - 61c8091b7937f91f9bc0b7f6b578de270fe35dc7
Linux/Linux 4933b066fefbee4f1d2d708de53c4ab7f09026ad - 6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04
Linux/Linux 6.11
Linux/Linux 6.12.70 - 6.12.*
Linux/Linux 6.18.10 - 6.18.*
Linux/Linux 6.19
... and 2 more
Published Feb 14, 2026
Tracked Since Feb 18, 2026