CVE-2025-22050

In the Linux kernel, the following vulnerability has been resolved:

usbnet:fix NPE during rx_complete

Missing usbnet_going_away Check in Critical Path.
The usb_submit_urb function lacks a usbnet_going_away
validation, whereas __usbnet_queue_skb includes this check.

This inconsistency creates a race condition where:
A URB request may succeed, but the corresponding SKB data
fails to be queued.

Subsequent processes:
(e.g., rx_complete  defer_bh  __skb_unlink(skb, list))
attempt to access skb->next, triggering a NULL pointer
dereference (Kernel Panic).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.237-1
fixed
bookworm
6.1.137-1
fixed
bookworm (security)
6.1.147-1
fixed
trixie (security)
6.12.41-1
fixed
forky
6.12.38-1
fixed
trixie
6.12.38-1
fixed
sid
6.16.3-1
fixed
linux-6.1
bullseye (security)
6.1.147-1~deb11u1
fixed
References
https://git.kernel.org/stable/c/0c30988588b28393e3e8873d5654f910e86391ba
https://git.kernel.org/stable/c/0f10f83acfd619e13c64d6705908dfd792f19544
https://git.kernel.org/stable/c/51de3600093429e3b712e5f091d767babc5dd6df
https://git.kernel.org/stable/c/95789c2f94fd29dce8759f9766baa333f749287c
https://git.kernel.org/stable/c/acacd48a37b52fc95f621765762c04152b58d642
https://git.kernel.org/stable/c/d689645cd1594ea1d13cb0c404f8ad1011353e0e
https://git.kernel.org/stable/c/fd9ee3f0d6a53844f65efde581c91bbb0ff749ac