CVE-2026-53107

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: libertas: don't kill URBs in interrupt context

Serialization for the TX path was enforced by calling usb_kill_urb()/usb_kill_anchored_urbs(), to prevent transmission before a previous URB was completed. usb_tx_block() can be called from interrupt context (e.g. in the HCD giveback path), so we can't always use it to kill in-flight URBs.

Prevent sleeping during interrupt context by checking the tx_submitted anchor for existing URBs. We now return -EBUSY, to indicate there's a pending request.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3308c7504e093b22e91a4468470309cee2e26b83 < 00c0317cebf44151df18fb647781f315268cdd98affected
LinuxLinuxd66676e6ca96bf8680f869a9bd6573b26c634622 < 4f273d3f98ebc60c30bbfb3ed4a7f0477d3eaed2affected
LinuxLinuxd66676e6ca96bf8680f869a9bd6573b26c634622 < 7c5c2b661bdb78c1472b8833265c9ed1ee880039affected
LinuxLinux498525d8358d6d20918787e59736d5b6a021e9fdaffected
LinuxLinux2902a9b4415a6bafc9b1e5dd360f065d757a0bb7affected
LinuxLinux948a39c95d0f8d73722910f8cdb7b6e3e9206232affected
LinuxLinux5bfb25495e391a1be0db94b15715174fa06b93a1affected
LinuxLinuxb82073564373e68c6ae3a96039fae14cd002a496affected
LinuxLinuxfc188b44547dea4e7350833171982a6312befde9affected
LinuxLinux6.18.16 < 6.18.33affected
LinuxLinux5.10.252 < 5.11affected
LinuxLinux5.15.202 < 5.16affected
LinuxLinux6.1.165 < 6.2affected
LinuxLinux6.6.128 < 6.7affected
LinuxLinux6.12.75 < 6.13affected
LinuxLinux6.19.6 < 6.20affected
LinuxLinux7.0affected
LinuxLinux0 < 7.0unaffected
LinuxLinux6.18.33 <= 6.18.*unaffected
LinuxLinux7.0.10 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References