CVE-2025-22050

In the Linux kernel, the following vulnerability has been resolved:

usbnet:fix NPE during rx_complete

Missing usbnet_going_away Check in Critical Path.
The usb_submit_urb function lacks a usbnet_going_away
validation, whereas __usbnet_queue_skb includes this check.

This inconsistency creates a race condition where:
A URB request may succeed, but the corresponding SKB data
fails to be queued.

Subsequent processes:
(e.g., rx_complete  defer_bh  __skb_unlink(skb, list))
attempt to access skb->next, triggering a NULL pointer
dereference (Kernel Panic).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
linuxlinux_kernel
5.15.168 ≤
𝑥
< 5.15.180
linuxlinux_kernel
6.1.113 ≤
𝑥
< 6.1.134
linuxlinux_kernel
6.6.54 ≤
𝑥
< 6.6.87
linuxlinux_kernel
6.10.13 ≤
𝑥
< 6.11
linuxlinux_kernel
6.11.2 ≤
𝑥
< 6.12.23
linuxlinux_kernel
6.13 ≤
𝑥
< 6.13.11
linuxlinux_kernel
6.14 ≤
𝑥
< 6.14.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.244-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.158-1
fixed
trixie
6.12.57-1
fixed
trixie (security)
6.12.48-1
fixed
forky
6.17.9-1
fixed
sid
6.17.10-1
fixed
linux-6.1
bullseye (security)
6.1.158-1~deb11u1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/0c30988588b28393e3e8873d5654f910e86391ba
https://git.kernel.org/stable/c/0f10f83acfd619e13c64d6705908dfd792f19544
https://git.kernel.org/stable/c/51de3600093429e3b712e5f091d767babc5dd6df
https://git.kernel.org/stable/c/95789c2f94fd29dce8759f9766baa333f749287c
https://git.kernel.org/stable/c/acacd48a37b52fc95f621765762c04152b58d642
https://git.kernel.org/stable/c/d689645cd1594ea1d13cb0c404f8ad1011353e0e
https://git.kernel.org/stable/c/fd9ee3f0d6a53844f65efde581c91bbb0ff749ac
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html