CVE-2025-22050 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rx_complete Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This inconsistency creates a race condition where: A URB request may succeed, but the corresponding SKB data fails to be queued. Subsequent processes: (e.g., rx_complete → defer_bh → __skb_unlink(skb, list)) attempt to access skb->next, triggering a NULL pointer dereference (Kernel Panic).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0c30988588b28393e3e8873d5654f910e86391ba
https://git.kernel.org/stable/c/0f10f83acfd619e13c64d6705908dfd792f19544
https://git.kernel.org/stable/c/51de3600093429e3b712e5f091d767babc5dd6df
https://git.kernel.org/stable/c/95789c2f94fd29dce8759f9766baa333f749287c
https://git.kernel.org/stable/c/acacd48a37b52fc95f621765762c04152b58d642
https://git.kernel.org/stable/c/d689645cd1594ea1d13cb0c404f8ad1011353e0e
https://git.kernel.org/stable/c/fd9ee3f0d6a53844f65efde581c91bbb0ff749ac
https://lore.kernel.org/linux-cve-announce/2025041603-CVE-2025-22050-2aee@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-22050
https://www.cve.org/CVERecord?id=CVE-2025-22050

History

Fri, 25 Apr 2025 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Thu, 17 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025041603-CVE-2025-22050-2aee@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-22050 https://www.cve.org/CVERecord?id=CVE-2025-22050
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 16 Apr 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rx_complete Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This inconsistency creates a race condition where: A URB request may succeed, but the corresponding SKB data fails to be queued. Subsequent processes: (e.g., rx_complete → defer_bh → __skb_unlink(skb, list)) attempt to access skb->next, triggering a NULL pointer dereference (Kernel Panic).
Title		usbnet:fix NPE during rx_complete
References		https://git.kernel.org/stable/c/0c30988588b28393e3e8873d5654f910e86391ba https://git.kernel.org/stable/c/0f10f83acfd619e13c64d6705908dfd792f19544 https://git.kernel.org/stable/c/51de3600093429e3b712e5f091d767babc5dd6df https://git.kernel.org/stable/c/95789c2f94fd29dce8759f9766baa333f749287c https://git.kernel.org/stable/c/acacd48a37b52fc95f621765762c04152b58d642 https://git.kernel.org/stable/c/d689645cd1594ea1d13cb0c404f8ad1011353e0e https://git.kernel.org/stable/c/fd9ee3f0d6a53844f65efde581c91bbb0ff749ac

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-04-16T14:12:08.954Z

Updated: 2025-05-04T13:06:57.080Z

Reserved: 2024-12-29T08:45:45.811Z

Link: CVE-2025-22050

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-04-16T15:15:58.437

Modified: 2025-04-17T20:22:16.240

Link: CVE-2025-22050

Redhat

Severity : Moderate

Publid Date: 2025-04-16T00:00:00Z

Links: CVE-2025-22050 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object