References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

usbnet:fix NPE during rx_complete

Missing usbnet_going_away Check in Critical Path.
The usb_submit_urb function lacks a usbnet_going_away
validation, whereas __usbnet_queue_skb includes this check.

This inconsistency creates a race condition where:
A URB request may succeed, but the corresponding SKB data
fails to be queued.

Subsequent processes:
(e.g., rx_complete → defer_bh → __skb_unlink(skb, list))
attempt to access skb->next, triggering a NULL pointer
dereference (Kernel Panic).

https://git.kernel.org/stable/c/0c30988588b28393e3e8873d5654f910e86391ba

https://git.kernel.org/stable/c/0f10f83acfd619e13c64d6705908dfd792f19544

https://git.kernel.org/stable/c/51de3600093429e3b712e5f091d767babc5dd6df

https://git.kernel.org/stable/c/95789c2f94fd29dce8759f9766baa333f749287c

https://git.kernel.org/stable/c/acacd48a37b52fc95f621765762c04152b58d642

https://git.kernel.org/stable/c/d689645cd1594ea1d13cb0c404f8ad1011353e0e

https://git.kernel.org/stable/c/fd9ee3f0d6a53844f65efde581c91bbb0ff749ac