VYPR
Medium severity5.5NVD Advisory· Published May 8, 2026· Updated May 20, 2026

CVE-2026-43425

CVE-2026-43425

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: image: mdc800: kill download URB on timeout

mdc800_device_read() submits download_urb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it active.

A subsequent read() resubmits the same URB while it is still in-flight, triggering the WARN in usb_submit_urb():

"URB submitted while active"

Check the return value of wait_event_timeout() and kill the URB if it indicates timeout, ensuring the URB is complete before its status is inspected or the URB is resubmitted.

Similar to - commit 372c93131998 ("USB: yurex: fix control-URB timeout handling") - commit b98d5000c505 ("media: rc: iguanair: handle timeouts")

Affected products

12
  • Linux/Kernel12 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.12.1,<5.10.253
    • cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • (no CPE)range: <=6.13-rc1 (commit 15536f6c15f4)

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.