CVE-2025-40140 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast

syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb.

This is the sequence of events that leads to the warning:

    rtl8150_start_xmit() {
        netif_stop_queue();
        usb_submit_urb(dev->tx_urb);
    }

    rtl8150_set_multicast() {
        netif_stop_queue();
        netif_wake_queue();              <-- wakes up TX queue before URB is done
    }

    rtl8150_start_xmit() {
        netif_stop_queue();
        usb_submit_urb(dev->tx_urb);     <-- double submission
    }

rtl8150_set_multicast being the ndo_set_rx_mode callback should not be calling netif_stop_queue and netif_start_queue as these handle TX queue synchronization.

The net core function dev_set_rx_mode handles the synchronization for rtl8150_set_multicast making it safe to remove these locks.
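The sequence in the description above, replayed as a small user-space model. This is an added example, not code from the kernel or from the referenced commits. The struct and every model_* / replay_sequence name are hypothetical, and the model assumes the net core only calls the transmit hook while the queue is running.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy single-threaded model, constructed for illustration (not kernel code).
 * queue_stopped stands for the netif TX queue state; urb_in_flight stands for
 * dev->tx_urb being submitted and not yet completed. */
struct model_dev {
    bool queue_stopped;
    bool urb_in_flight;
    int double_submits;   /* submissions made while the URB was still in flight */
};

/* Models rtl8150_start_xmit(): stop the queue, then submit the single TX URB. */
static void model_start_xmit(struct model_dev *d)
{
    d->queue_stopped = true;
    if (d->urb_in_flight)
        d->double_submits++;       /* the "double submission" in the description */
    d->urb_in_flight = true;
}

/* Models rtl8150_set_multicast(); patched == false keeps the stop/wake pair. */
static void model_set_multicast(struct model_dev *d, bool patched)
{
    if (!patched) {
        d->queue_stopped = true;   /* netif_stop_queue() */
        d->queue_stopped = false;  /* netif_wake_queue(): ignores urb_in_flight */
    }
}

/* Assumption of the model: transmit is attempted only on a running queue. */
static void model_core_try_xmit(struct model_dev *d)
{
    if (!d->queue_stopped)
        model_start_xmit(d);
}

/* Replays xmit, rx-mode change, xmit; returns the number of double submissions. */
int replay_sequence(bool patched)
{
    struct model_dev d = {0};
    model_core_try_xmit(&d);           /* first packet: URB now in flight */
    model_set_multicast(&d, patched);  /* arrives before the URB completes */
    model_core_try_xmit(&d);           /* second packet */
    return d.double_submits;
}

int main(void)
{
    printf("unpatched=%d patched=%d\n", replay_sequence(false), replay_sequence(true));
    return 0;
}
```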


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/114e05344763a102a8844efd96ec06ba99293ccd kernel.org
https://git.kernel.org/stable/c/1a08a37ac03d07a1608a1592791041cac979fbc3 kernel.org
https://git.kernel.org/stable/c/54f8ef1a970a8376e5846ed90854decf7c00555d kernel.org
https://git.kernel.org/stable/c/6053e47bbf212b93c051beb4261d7d5a409d0ce3 kernel.org
https://git.kernel.org/stable/c/6394bade9daab8e318c165fe43bba012bf13cd8e kernel.org
https://git.kernel.org/stable/c/958baf5eaee394e5fd976979b0791a875f14a179 kernel.org
https://git.kernel.org/stable/c/9d72df7f5eac946f853bf49c428c4e87a17d91da kernel.org
https://git.kernel.org/stable/c/cce3c0e21cdd15bcba5c35d3af1700186de8f187 kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Quick Info

CVE Dictionary Entry: CVE-2025-40140
NVD Published Date: 11/12/2025
NVD Last Modified: 11/12/2025
Source: kernel.org