CVE-2026-23188
Deadlock Vulnerability in Linux Kernel rtl8152 USB Driver
Publication date: 2026-02-14
Last updated on: 2026-03-19
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.10 (exc) |
| linux | linux_kernel | From 6.11 (inc) to 6.12.70 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's Realtek rtl8152 USB network driver. The issue occurs because the rtl8152 driver attempts to reset the device during a resume operation while holding a mutex lock (tp->control). During this reset, the driver tries to acquire the same mutex lock again, causing a recursive mutex_lock() deadlock.
This deadlock results in the device timing out after 10 seconds and can lead to a system panic after 15 seconds, effectively freezing or crashing the system.
How can this vulnerability impact me?
This vulnerability can cause the affected system to deadlock and potentially panic (crash) when the rtl8152 USB network device resumes from a suspended state. This can lead to system instability, loss of network connectivity, and potential downtime.
In environments relying on this hardware and driver, this could disrupt normal operations and require a system reboot to recover.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a deadlock occurring during the resume reset process of the rtl8152 USB network device driver in the Linux kernel.
Detection can be attempted by monitoring system logs for signs of device timeout or kernel panic related to the rtl8152 driver.
- Check kernel logs for messages like 'DPM device timeout after 10 seconds' or call traces involving rtl8152_resume or usb_reset_device.
- Use the command: `dmesg | grep -i rtl8152`
- Monitor for kernel panic or deadlock messages related to USB or network device resets.
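The log checks listed above, as an added example (not from the original page or the kernel project): a shell function that reads kernel log text and reports whether the DPM timeout message is followed by a call trace through rtl8152_resume or usb_reset_device. The sample log is constructed, and the verdict names and the 40-line correlation window are assumptions.

```shell
#!/bin/sh
# Added example: correlate the indicators named on this page in a kernel log.
# Verdict names and the default 40-line window are assumptions for illustration.

# Reads kernel log text on stdin and prints one verdict:
#   deadlock-suspected  DPM timeout followed (within WINDOW lines) by a frame
#                       naming rtl8152_resume or usb_reset_device
#   timeout-unrelated   DPM timeout, but no such frame close after it
#   frames-only         those symbols appear, but no DPM timeout
#   clean               none of the indicators
classify_rtl8152_log() {
    awk -v window="${WINDOW:-40}" '
        # The page quotes the 10-second message; any number is accepted here.
        /DPM device timeout after [0-9]+ seconds/ { last_timeout = NR; timeouts++ }
        /rtl8152_resume|usb_reset_device/ {
            frames++
            if (last_timeout && NR - last_timeout <= window) linked = 1
        }
        END {
            if (linked)        print "deadlock-suspected"
            else if (timeouts) print "timeout-unrelated"
            else if (frames)   print "frames-only"
            else               print "clean"
        }'
}

# Constructed sample input (not captured from a real system).
sample_log() {
    cat <<'EOF'
[  100.000000] PM: suspend exit
[  200.000000] r8152 2-1:1.0: **** DPM device timeout after 10 seconds ****
[  200.000001] Call Trace:
[  200.000002]  mutex_lock
[  200.000003]  usb_reset_device
[  200.000004]  rtl8152_resume
EOF
}

sample_log | classify_rtl8152_log
```

On a live system, pipe `dmesg` into `classify_rtl8152_log`; after a panic and reboot, the evidence is only in the previous boot's kernel log (`journalctl -k -b -1`), and only if the journal is persistent.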
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by fixing the rtl8152 driver to avoid recursive mutex deadlock during device resume reset.
Immediate mitigation steps include updating the Linux kernel to a version that contains the fix for this issue.
- Apply the latest kernel updates or patches provided by your Linux distribution that address the rtl8152 resume reset deadlock.
- If updating is not immediately possible, consider disabling USB autosuspend or power management features for the rtl8152 device to prevent resume resets.