CVE-2026-23188

In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlock: **** DPM device timeout after 10 seconds; 15 seconds until panic **** Call Trace: <TASK> schedule+0x483/0x1370 schedule_preempt_disabled+0x15/0x30 __mutex_lock_common+0x1fd/0x470 __rtl8152_set_mac_address+0x80/0x1f0 dev_set_mac_address+0x7f/0x150 rtl8152_post_reset+0x72/0x150 usb_reset_device+0x1d0/0x220 rtl8152_resume+0x99/0xc0 usb_resume_interface+0x3e/0xc0 usb_resume_both+0x104/0x150 usb_resume+0x22/0x110 The problem is that rtl8152 resume calls reset under tp->control mutex while reset basically re-enters rtl8152 and attempts to acquire the same tp->control lock once again. Reset INACCESSIBLE device outside of tp->control mutex scope to avoid recursive mutex_lock() deadlock.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1b2efc593dca99d8e8e6f6d6c7ccd9a972679702	Patch
https://git.kernel.org/stable/c/61c8091b7937f91f9bc0b7f6b578de270fe35dc7	Patch
https://git.kernel.org/stable/c/6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::

History

19 Mar 2026, 18:04

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/1b2efc593dca99d8e8e6f6d6c7ccd9a972679702 -~~	() https://git.kernel.org/stable/c/1b2efc593dca99d8e8e6f6d6c7ccd9a972679702 - Patch
References	~~() https://git.kernel.org/stable/c/61c8091b7937f91f9bc0b7f6b578de270fe35dc7 -~~	() https://git.kernel.org/stable/c/61c8091b7937f91f9bc0b7f6b578de270fe35dc7 - Patch
References	~~() https://git.kernel.org/stable/c/6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04 -~~	() https://git.kernel.org/stable/c/6d06bc83a5ae8777a5f7a81c32dd75b8d9b2fe04 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-667
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc8:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::

18 Feb 2026, 17:52

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net: usb: r8152: corregir interbloqueo de reinicio de reanudación rtl8152 puede desencadenar un reinicio del dispositivo durante el reinicio, lo que potencialmente puede resultar en un interbloqueo: Tiempo de espera agotado del dispositivo DPM después de 10 segundos; 15 segundos hasta el pánico Rastreo de llamadas: schedule+0x483/0x1370 schedule_preempt_disabled+0x15/0x30 __mutex_lock_common+0x1fd/0x470 __rtl8152_set_mac_address+0x80/0x1f0 dev_set_mac_address+0x7f/0x150 rtl8152_post_reset+0x72/0x150 usb_reset_device+0x1d0/0x220 rtl8152_resume+0x99/0xc0 usb_resume_interface+0x3e/0xc0 usb_resume_both+0x104/0x150 usb_resume+0x22/0x110 El problema es que la reanudación de rtl8152 llama a reset bajo el mutex tp->control mientras que reset básicamente reingresa a rtl8152 e intenta adquirir el mismo bloqueo tp->control una vez más. Reiniciar el dispositivo INACCESIBLE fuera del ámbito del mutex tp->control para evitar el interbloqueo recursivo de mutex_lock().

14 Feb 2026, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-14 17:15

Updated : 2026-03-19 18:04

NVD link : CVE-2026-23188

Mitre link : CVE-2026-23188

CVE.ORG link : CVE-2026-23188

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

5.5 /10