VYPR
Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Apr 15, 2026

CVE-2025-40140

CVE-2025-40140

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast

syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb. This is the sequence of events that leads to the warning:

rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); }

rtl8150_set_multicast() { netif_stop_queue(); netif_wake_queue(); <-- wakes up TX queue before URB is done }

rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); <-- double submission }

rtl8150_set_multicast being the ndo_set_rx_mode callback should not be calling netif_stop_queue and notif_start_queue as these handle TX queue synchronization.

The net core function dev_set_rx_mode handles the synchronization for rtl8150_set_multicast making it safe to remove these locks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

113

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.