CVE-2026-43425
EUVD-2026-2873108.05.2026, 15:16
In the Linux kernel, the following vulnerability has been resolved:
usb: image: mdc800: kill download URB on timeout
mdc800_device_read() submits download_urb and waits for completion.
If the timeout fires and the device has not responded, the function
returns without killing the URB, leaving it active.
A subsequent read() resubmits the same URB while it is still
in-flight, triggering the WARN in usb_submit_urb():
"URB submitted while active"
Check the return value of wait_event_timeout() and kill the URB if
it indicates timeout, ensuring the URB is complete before its status
is inspected or the URB is resubmitted.
Similar to
- commit 372c93131998 ("USB: yurex: fix control-URB timeout handling")
- commit b98d5000c505 ("media: rc: iguanair: handle timeouts")EnginsightAffected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.12.1 ≤ 𝑥 < 5.10.253 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.203 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.167 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.6.130 |
| linux | linux_kernel | 6.7 ≤ 𝑥 < 6.12.78 |
| linux | linux_kernel | 6.13 ≤ 𝑥 < 6.18.19 |
| linux | linux_kernel | 6.19 ≤ 𝑥 < 6.19.9 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.6.12:rc2 |
| linux | linux_kernel | 2.6.12:rc3 |
| linux | linux_kernel | 2.6.12:rc4 |
| linux | linux_kernel | 2.6.12:rc5 |
| linux | linux_kernel | 2.6.12:rc6 |
| linux | linux_kernel | 7.0:rc1 |
| linux | linux_kernel | 7.0:rc2 |
| linux | linux_kernel | 7.0:rc3 |
| linux | linux_kernel | 7.0:rc4 |
𝑥
= Vulnerable software versions
Debian Releases
Vulnerability Media Exposure
References