CVE-2026-43255
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: libertas: fix WARNING in usb_tx_block
The function usb_tx_block() submits cardp->tx_urb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active (e.g. during rapid firmware loading), usb_submit_urb() detects the active state and triggers a warning: 'URB submitted while active'.
Fix this by enforcing serialization: call usb_kill_urb() before submitting the new request. This ensures the URB is idle and safe to reuse.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's libertas WiFi driver, usb_tx_block() can trigger a WARNING by submitting an already-active URB, fixed by serializing with usb_kill_urb().
Vulnerability
The function usb_tx_block() in the libertas WiFi driver for USB devices submits cardp->tx_urb without ensuring that any previous transmission on that URB has completed. If a second call occurs while the URB is still active—for example, during rapid firmware loading—usb_submit_urb() detects the active state and triggers a kernel WARNING: "URB submitted while active" [1]. The root cause is a missing serialization mechanism.
Exploitation
An attacker with local access can trigger this condition by causing concurrent calls to usb_tx_block(), such as through rapid firmware loading operations. No special privileges beyond local user access are required, and the attack does not depend on network reachability. The vulnerability is exposed through the libertas driver's interaction with USB devices.
Impact
The kernel WARNING can lead to system instability or a denial-of-service condition, as the warning itself may disrupt normal operation. The CVSS v3 score of 5.5 (Medium) reflects a primarily availability impact, with no direct confidentiality or integrity compromise.
Mitigation
The fix enforces serialization by calling usb_kill_urb() before submitting a new request, ensuring the URB is idle and safe to reuse. This patch has been backported to multiple stable kernel branches [1][2][3][4]. Users should update to the latest stable kernel version to eliminate the warning.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/2902a9b4415a6bafc9b1e5dd360f065d757a0bb7nvdPatch
- git.kernel.org/stable/c/3308c7504e093b22e91a4468470309cee2e26b83nvdPatch
- git.kernel.org/stable/c/498525d8358d6d20918787e59736d5b6a021e9fdnvdPatch
- git.kernel.org/stable/c/5bfb25495e391a1be0db94b15715174fa06b93a1nvdPatch
- git.kernel.org/stable/c/948a39c95d0f8d73722910f8cdb7b6e3e9206232nvdPatch
- git.kernel.org/stable/c/b82073564373e68c6ae3a96039fae14cd002a496nvdPatch
- git.kernel.org/stable/c/d66676e6ca96bf8680f869a9bd6573b26c634622nvdPatch
- git.kernel.org/stable/c/fc188b44547dea4e7350833171982a6312befde9nvdPatch
News mentions
0No linked articles in our index yet.