PT-2025-46639 · Usbnet+4 · Usbnet+4

Published

2025-10-11

·

Updated

2026-05-22

·

CVE-2025-40164

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.15.0-rc4-syzkaller-00098-g615dca38c2ea
Description The Linux kernel contains an issue where smp processor id() is used in preemptible code, leading to warnings reported by Syzbot. Specifically, the issue occurs within the usbnet skb return function in drivers/net/usb/usbnet.c. The usbnet resume rx function lacked local bh disable/enable protection, which has been added to address the problem. This issue was identified through testing with Syzbot and affects the usbnet driver.
Recommendations Update to Linux kernel version 6.15.0-rc4-syzkaller-00098-g615dca38c2ea or a later version to resolve this issue.

Exploit

Fix

Stack Overflow

Buffer Overflow

Weakness Enumeration

CWE-121CWE-399CWE-119CWE-662

Related Identifiers

AZL-78392
BDU:2025-16159
CVE-2025-40164
ECHO-F8B2-2B8D-CB97
OESA-2025-2765
OESA-2025-2766
OESA-2025-2767
OPENSUSE-SU-2025:20172-1
SUSE-SU-2025:4393-1
SUSE-SU-2025:4422-1
SUSE-SU-2025:4505-1
SUSE-SU-2025:4516-1
SUSE-SU-2025:4517-1
SUSE-SU-2025:4521-1
SUSE-SU-2026:0316-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
SUSE-SU-2026:20039-1
SUSE-SU-2026:20059-1
SUSE-SU-2026:20473-1
SUSE-SU-2026:20496-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8162-1
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8180-1
USN-8180-2
USN-8180-3
USN-8180-4
USN-8180-5
USN-8180-6
USN-8184-1
USN-8185-1
USN-8185-2
USN-8186-1
USN-8187-1
USN-8188-1
USN-8203-1
USN-8204-1
USN-8243-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1
USN-8275-1
USN-8297-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu
Usbnet