CVE-2026-23188
Unknown Unknown - Not Provided
Deadlock Vulnerability in Linux Kernel rtl8152 USB Driver

Publication date: 2026-02-14

Last updated on: 2026-03-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlock: **** DPM device timeout after 10 seconds; 15 seconds until panic **** Call Trace: <TASK> schedule+0x483/0x1370 schedule_preempt_disabled+0x15/0x30 __mutex_lock_common+0x1fd/0x470 __rtl8152_set_mac_address+0x80/0x1f0 dev_set_mac_address+0x7f/0x150 rtl8152_post_reset+0x72/0x150 usb_reset_device+0x1d0/0x220 rtl8152_resume+0x99/0xc0 usb_resume_interface+0x3e/0xc0 usb_resume_both+0x104/0x150 usb_resume+0x22/0x110 The problem is that rtl8152 resume calls reset under tp->control mutex while reset basically re-enters rtl8152 and attempts to acquire the same tp->control lock once again. Reset INACCESSIBLE device outside of tp->control mutex scope to avoid recursive mutex_lock() deadlock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-02-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23188
EUVD
EUVD-2026-5853
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.13 (inc) to 6.18.10 (exc)
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.11 (inc) to 6.12.70 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's Realtek rtl8152 USB network driver. The issue occurs because the rtl8152 driver attempts to reset the device during a resume operation while holding a mutex lock (tp->control). During this reset, the driver tries to acquire the same mutex lock again, causing a recursive mutex_lock() deadlock.

This deadlock results in the device timing out after 10 seconds and can lead to a system panic after 15 seconds, effectively freezing or crashing the system.

Impact Analysis

This vulnerability can cause the affected system to deadlock and potentially panic (crash) when the rtl8152 USB network device resumes from a suspended state. This can lead to system instability, loss of network connectivity, and potential downtime.

In environments relying on this hardware and driver, this could disrupt normal operations and require a system reboot to recover.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves a deadlock occurring during the resume reset process of the rtl8152 USB network device driver in the Linux kernel.

Detection can be attempted by monitoring system logs for signs of device timeout or kernel panic related to the rtl8152 driver.

  • Check kernel logs for messages like 'DPM device timeout after 10 seconds' or call traces involving rtl8152_resume or usb_reset_device.
  • Use the command: dmesg | grep -i rtl8152
  • Monitor for kernel panic or deadlock messages related to USB or network device resets.
Mitigation Strategies

The vulnerability is resolved by fixing the rtl8152 driver to avoid recursive mutex deadlock during device resume reset.

Immediate mitigation steps include updating the Linux kernel to a version that contains the fix for this issue.

  • Apply the latest kernel updates or patches provided by your Linux distribution that address the rtl8152 resume reset deadlock.
  • If updating is not immediately possible, consider disabling USB autosuspend or power management features for the rtl8152 device to prevent resume resets.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23188. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart