Linux Kernel USB Network Driver Vulnerability Impacting Processor ID Handling
CVE-2025-40164

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40164?

A vulnerability in the Linux kernel's usbnet driver has been identified, which arises from incorrect use of the smp_processor_id() function in preemptible code. This can lead to undefined behavior during the execution of network-related processes, particularly affecting the usbnet_skb_return function. The issue, traced back to specific versions of the Linux kernel, has been addressed by implementing appropriate local_bh_disable/enable() protections within the usbnet_resume_rx function to prevent adverse effects in a softirq or interrupt context. Users are encouraged to update to the patched version to maintain system integrity.

Affected Version(s)

Linux 43daa96b166c3cf5ff30dfac0c5efa2620e4beab < 0134c7bff14bd50314a4f92b182850ddfc38e255

Linux 43daa96b166c3cf5ff30dfac0c5efa2620e4beab < 327cd4b68b4398b6c24f10eb2b2533ffbfc10185

Linux 4.7

References

https://git.kernel.org/stable/c/0134c7bff14bd50314a4f92b1...

https://git.kernel.org/stable/c/327cd4b68b4398b6c24f10eb2...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON