CVE-2025-40164

Severity: MEDIUM (CVSS 3.1 base score 5.5) · EPSS 6.4%
Published Nov 12, 2025 · Last Modified Jun 19, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

usbnet: Fix using smp_processor_id() in preemptible code warnings

Syzbot reported the following warning:

    BUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879
    caller is usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331
    CPU: 1 UID: 0 PID: 2879 Comm: dhcpcd Not tainted 6.15.0-rc4-syzkaller-00098-g615dca38c2ea #0 PREEMPT(voluntary)
    Call Trace:
     <TASK>
     __dump_stack lib/dump_stack.c:94 [inline]
     dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
     check_preemption_disabled+0xd0/0xe0 lib/smp_processor_id.c:49
     usbnet_skb_return+0x74/0x490 drivers/net/usb/usbnet.c:331
     usbnet_resume_rx+0x4b/0x170 drivers/net/usb/usbnet.c:708
     usbnet_change_mtu+0x1be/0x220 drivers/net/usb/usbnet.c:417
     __dev_set_mtu net/core/dev.c:9443 [inline]
     netif_set_mtu_ext+0x369/0x5c0 net/core/dev.c:9496
     netif_set_mtu+0xb0/0x160 net/core/dev.c:9520
     dev_set_mtu+0xae/0x170 net/core/dev_api.c:247
     dev_ifsioc+0xa31/0x18d0 net/core/dev_ioctl.c:572
     dev_ioctl+0x223/0x10e0 net/core/dev_ioctl.c:821
     sock_do_ioctl+0x19d/0x280 net/socket.c:1204
     sock_ioctl+0x42f/0x6a0 net/socket.c:1311
     vfs_ioctl fs/ioctl.c:51 [inline]
     __do_sys_ioctl fs/ioctl.c:906 [inline]
     __se_sys_ioctl fs/ioctl.c:892 [inline]
     __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
     do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
     do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
     entry_SYSCALL_64_after_hwframe+0x77/0x7f

For historical and portability reasons, the netif_rx() is usually run in the softirq or interrupt context; this commit therefore adds local_bh_disable/enable() protection in the usbnet_resume_rx().

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 6.4% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 8

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥4.7.1 – <5.15.199
linux    linux_kernel   *         ≥5.16 – <6.1.162
linux    linux_kernel   *         ≥6.2 – <6.6.122
linux    linux_kernel   *         ≥6.7 – <6.12.64
linux    linux_kernel   *         ≥6.13 – <6.17.5
linux    linux_kernel   4.7       any
linux    linux_kernel   4.7       any
linux    linux_kernel   6.18      any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/0134c7bff14bd50314a4f92b182850ddfc38e255
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/17fbad93879e87a334062882b45fa727ba1b3dd7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/327cd4b68b4398b6c24f10eb2b2533ffbfc10185
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/65d04291adf7c59338f87aab9c6fe0bfa9993e64
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6635e52bc4165793aefd686962d912d73d323afe
  • git.kernel.org https://git.kernel.org/stable/c/d1944bab8e0c1511f0cbf364aa06547735bb0ddb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f45fffae5e2549bd0a4670cc52a15ad54c9f121e
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0134c7bff14bd50314a4f92b182850ddfc38e255
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/17fbad93879e87a334062882b45fa727ba1b3dd7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/327cd4b68b4398b6c24f10eb2b2533ffbfc10185
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/65d04291adf7c59338f87aab9c6fe0bfa9993e64
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d1944bab8e0c1511f0cbf364aa06547735bb0ddb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f45fffae5e2549bd0a4670cc52a15ad54c9f121e
    Patch