FKIE_CVE-2026-23188

Vulnerability from fkie_nvd - Published: 2026-02-14 17:15 - Updated: 2026-02-18 17:52
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlock: **** DPM device timeout after 10 seconds; 15 seconds until panic **** Call Trace: <TASK> schedule+0x483/0x1370 schedule_preempt_disabled+0x15/0x30 __mutex_lock_common+0x1fd/0x470 __rtl8152_set_mac_address+0x80/0x1f0 dev_set_mac_address+0x7f/0x150 rtl8152_post_reset+0x72/0x150 usb_reset_device+0x1d0/0x220 rtl8152_resume+0x99/0xc0 usb_resume_interface+0x3e/0xc0 usb_resume_both+0x104/0x150 usb_resume+0x22/0x110 The problem is that rtl8152 resume calls reset under tp->control mutex while reset basically re-enters rtl8152 and attempts to acquire the same tp->control lock once again. Reset INACCESSIBLE device outside of tp->control mutex scope to avoid recursive mutex_lock() deadlock.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1b2efc593dca99d8e8e6f6d6c7ccd9a972679702
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/61c8091b7937f91f9bc0b7f6b578de270fe35dc7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: r8152: fix resume reset deadlock\n\nrtl8152 can trigger device reset during reset which\npotentially can result in a deadlock:\n\n **** DPM device timeout after 10 seconds; 15 seconds until panic ****\n Call Trace:\n \u003cTASK\u003e\n schedule+0x483/0x1370\n schedule_preempt_disabled+0x15/0x30\n __mutex_lock_common+0x1fd/0x470\n __rtl8152_set_mac_address+0x80/0x1f0\n dev_set_mac_address+0x7f/0x150\n rtl8152_post_reset+0x72/0x150\n usb_reset_device+0x1d0/0x220\n rtl8152_resume+0x99/0xc0\n usb_resume_interface+0x3e/0xc0\n usb_resume_both+0x104/0x150\n usb_resume+0x22/0x110\n\nThe problem is that rtl8152 resume calls reset under\ntp-\u003econtrol mutex while reset basically re-enters rtl8152\nand attempts to acquire the same tp-\u003econtrol lock once\nagain.\n\nReset INACCESSIBLE device outside of tp-\u003econtrol mutex\nscope to avoid recursive mutex_lock() deadlock."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: usb: r8152: corregir interbloqueo de reinicio de reanudaci\u00f3n\n\nrtl8152 puede desencadenar un reinicio del dispositivo durante el reinicio, lo que potencialmente puede resultar en un interbloqueo:\n\n** Tiempo de espera agotado del dispositivo DPM despu\u00e9s de 10 segundos; 15 segundos hasta el p\u00e1nico **\nRastreo de llamadas:\n\nschedule+0x483/0x1370\nschedule_preempt_disabled+0x15/0x30\n__mutex_lock_common+0x1fd/0x470\n__rtl8152_set_mac_address+0x80/0x1f0\ndev_set_mac_address+0x7f/0x150\nrtl8152_post_reset+0x72/0x150\nusb_reset_device+0x1d0/0x220\nrtl8152_resume+0x99/0xc0\nusb_resume_interface+0x3e/0xc0\nusb_resume_both+0x104/0x150\nusb_resume+0x22/0x110\n\nEl problema es que la reanudaci\u00f3n de rtl8152 llama a reset bajo el mutex tp-\u0026gt;control mientras que reset b\u00e1sicamente reingresa a rtl8152 e intenta adquirir el mismo bloqueo tp-\u0026gt;control una vez m\u00e1s.\n\nReiniciar el dispositivo INACCESIBLE fuera del \u00e1mbito del mutex tp-\u0026gt;control para evitar el interbloqueo recursivo de mutex_lock()."
    }
  ],
  "id": "CVE-2026-23188",
  "lastModified": "2026-02-18T17:52:22.253",
  "metrics": {},
  "published": "2026-02-14T17:15:56.600",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1b2efc593dca99d8e8e6f6d6c7ccd9a972679702"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/61c8091b7937f91f9bc0b7f6b578de270fe35dc7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.