CVE-2025-22050

Summary

In the Linux kernel, the following vulnerability has been resolved:

usbnet:fix NPE during rx_complete

Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check.

This inconsistency creates a race condition where: A URB request may succeed, but the corresponding SKB data fails to be queued.

Subsequent processes: (e.g., rx_complete → defer_bh → __skb_unlink(skb, list)) attempt to access skb->next, triggering a NULL pointer dereference (Kernel Panic).

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb80aacfea6e8d6ed6e430aa13922d6ccf044415a < 95789c2f94fd29dce8759f9766baa333f749287caffected
LinuxLinux869caa8de8cb94514df704ccbe0b024fda4b9398 < 0f10f83acfd619e13c64d6705908dfd792f19544affected
LinuxLinux1e44ee6cdd123d6cfe78b4a94e1572e23bbb58ce < acacd48a37b52fc95f621765762c04152b58d642affected
LinuxLinux04e906839a053f092ef53f4fb2d610983412b904 < d689645cd1594ea1d13cb0c404f8ad1011353e0eaffected
LinuxLinux04e906839a053f092ef53f4fb2d610983412b904 < 0c30988588b28393e3e8873d5654f910e86391baaffected
LinuxLinux04e906839a053f092ef53f4fb2d610983412b904 < fd9ee3f0d6a53844f65efde581c91bbb0ff749acaffected
LinuxLinux04e906839a053f092ef53f4fb2d610983412b904 < 51de3600093429e3b712e5f091d767babc5dd6dfaffected
LinuxLinuxca124236cd14e61610f56df9a8f81376a1ffe660affected
LinuxLinux54671d731f4977fb3c0c26f2840655b5204e4437affected
LinuxLinux5.15.168 < 5.15.180affected
LinuxLinux6.1.113 < 6.1.134affected
LinuxLinux6.6.54 < 6.6.87affected
LinuxLinux6.10.13 < 6.11affected
LinuxLinux6.11.2 < 6.12affected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux5.15.180 <= 5.15.*unaffected
LinuxLinux6.1.134 <= 6.1.*unaffected
LinuxLinux6.6.87 <= 6.6.*unaffected
LinuxLinux6.12.23 <= 6.12.*unaffected
LinuxLinux6.13.11 <= 6.13.*unaffected
LinuxLinux6.14.2 <= 6.14.*unaffected
LinuxLinux6.15 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References