Linux Kernel Vulnerability in RTL8150 USB Driver
CVE-2025-40140

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 12 November 2025

What is CVE-2025-40140?

A synchronization issue was identified in the RTL8150 USB driver within the Linux kernel. The flaw occurs due to improper handling of TX queue synchronization in the functions rtl8150_start_xmit and rtl8150_set_multicast. Specifically, calling netif_stop_queue and netif_wake_queue in rtl8150_set_multicast can lead to double submissions of the same transmit request, potentially destabilizing network operations. This vulnerability has been addressed by modifying the synchronization process to allow the net core function dev_set_rx_mode to efficiently manage queue states without additional locking mechanisms.
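
The sequence described above, as an added illustration that is not code from the kernel or from this page: a simplified user-space C model of how waking the queue from rtl8150_set_multicast lets the same transmit request be submitted twice. The model_* helpers, the single TX URB, and the completion path that wakes the queue are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model (constructed for illustration), not kernel code. */
struct model_dev {
    bool queue_stopped;     /* toggled by netif_stop_queue/netif_wake_queue */
    bool tx_urb_in_flight;  /* the single TX URB is still pending */
    int double_submits;     /* pending URB submitted a second time */
};

/* rtl8150_start_xmit: stop the queue, then submit the TX URB. */
static void model_start_xmit(struct model_dev *d) {
    d->queue_stopped = true;
    if (d->tx_urb_in_flight)
        d->double_submits++;
    d->tx_urb_in_flight = true;
}

/* Assumed TX completion path: URB finished, queue may run again. */
static void model_tx_complete(struct model_dev *d) {
    d->tx_urb_in_flight = false;
    d->queue_stopped = false;
}

/* rtl8150_set_multicast; touch_queue == true is the pre-fix behaviour. */
static void model_set_multicast(struct model_dev *d, bool touch_queue) {
    if (touch_queue)
        d->queue_stopped = true;   /* netif_stop_queue */
    /* receive-filter update would go here */
    if (touch_queue)
        d->queue_stopped = false;  /* netif_wake_queue despite pending URB */
}

/* Replay: xmit, set_multicast while the URB is pending, next xmit attempt. */
int count_double_submits(bool touch_queue) {
    struct model_dev d = { false, false, 0 };
    model_start_xmit(&d);
    model_set_multicast(&d, touch_queue);
    if (!d.queue_stopped)          /* net core only transmits on a woken queue */
        model_start_xmit(&d);
    model_tx_complete(&d);
    return d.double_submits;
}

int main(void) {
    printf("pre-fix: %d, fixed: %d\n",
           count_double_submits(true), count_double_submits(false));
    return 0;
}
```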

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1a08a37ac03d07a1608a1592791041cac979fbc3

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 54f8ef1a970a8376e5846ed90854decf7c00555d
