PT-2025-46615 · Linux+3 · Linux Kernel+3
Published: 2025-09-24 · Updated: 2026-05-07 · CVE-2025-40140
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw exists in the Linux kernel related to USB networking. Specifically, the rtl8150_set_multicast function incorrectly calls netif_stop_queue and netif_wake_queue, leading to potential issues with TX queue synchronization. This can result in double submission of URBs (USB requests) as observed in the rtl8150_start_xmit function, triggering a warning reported by syzbot in rtl8150_start_xmit/usb_submit_urb. The ndo_set_rx_mode callback should not manage TX queue synchronization directly, as the dev_set_rx_mode function already handles this. The issue stems from the disruptive netif_wake_queue call within rtl8150_set_multicast.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
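The queue and URB interaction from the description, as an added userspace model in C (not driver code and not taken from this advisory). It assumes a single TX URB whose submission stops the queue and whose completion wakes it; the model_* names and run_sequence are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, not kernel code. Assumption: one TX URB per device;
 * the queue is stopped on submit and woken on completion. */
struct model {
    bool queue_stopped;  /* netif_stop_queue / netif_wake_queue state */
    bool urb_in_flight;  /* TX URB submitted, completion not yet seen */
    int double_submits;  /* submissions made while the URB was active */
};

/* Stand-in for rtl8150_start_xmit; the stack skips it while stopped. */
static void model_start_xmit(struct model *m) {
    if (m->queue_stopped)
        return;
    m->queue_stopped = true;
    if (m->urb_in_flight)
        m->double_submits++;  /* the case usb_submit_urb warns about */
    m->urb_in_flight = true;
}

/* Stand-in for TX completion: the URB is free, the queue may run. */
static void model_tx_complete(struct model *m) {
    m->urb_in_flight = false;
    m->queue_stopped = false;
}

/* Stand-in for rtl8150_set_multicast; touch_queue = flawed variant. */
static void model_set_multicast(struct model *m, bool touch_queue) {
    if (!touch_queue)
        return;                /* filter update only, queue untouched */
    m->queue_stopped = true;   /* netif_stop_queue */
    m->queue_stopped = false;  /* netif_wake_queue, URB may be active */
}

/* xmit, rx-mode change before completion, xmit again, completion. */
int run_sequence(bool touch_queue) {
    struct model m = { false, false, 0 };
    model_start_xmit(&m);
    model_set_multicast(&m, touch_queue);
    model_start_xmit(&m);
    model_tx_complete(&m);
    return m.double_submits;
}

int main(void) {
    printf("flawed: %d, queue untouched: %d\n", run_sequence(true), run_sequence(false));
    return 0;
}
```

With the queue calls in the rx-mode callback, the second transmit reaches the URB while it is still in flight; without them, the stopped queue holds the packet back until completion.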
Exploit
Improper Locking
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Ubuntu