CVE-2026-23188

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: usb: r8152: fix resume reset deadlock

rtl8152 can trigger device reset during reset which potentially can result in a deadlock:

**** DPM device timeout after 10 seconds; 15 seconds until panic **** Call Trace: <TASK> schedule+0x483/0x1370 schedule_preempt_disabled+0x15/0x30 __mutex_lock_common+0x1fd/0x470 __rtl8152_set_mac_address+0x80/0x1f0 dev_set_mac_address+0x7f/0x150 rtl8152_post_reset+0x72/0x150 usb_reset_device+0x1d0/0x220 rtl8152_resume+0x99/0xc0 usb_resume_interface+0x3e/0xc0 usb_resume_both+0x104/0x150 usb_resume+0x22/0x110

The problem is that rtl8152 resume calls reset under tp->control mutex while reset basically re-enters rtl8152 and attempts to acquire the same tp->control lock once again.

Reset INACCESSIBLE device outside of tp->control mutex scope to avoid recursive mutex_lock() deadlock.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4933b066fefbee4f1d2d708de53c4ab7f09026ad < 61c8091b7937f91f9bc0b7f6b578de270fe35dc7affected
LinuxLinux4933b066fefbee4f1d2d708de53c4ab7f09026ad < 1b2efc593dca99d8e8e6f6d6c7ccd9a972679702affected
LinuxLinux4933b066fefbee4f1d2d708de53c4ab7f09026ad < 6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04affected
LinuxLinux6.11affected
LinuxLinux0 < 6.11unaffected
LinuxLinux6.12.70 <= 6.12.*unaffected
LinuxLinux6.18.10 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References