In the Linux kernel, the following vulnerability has been resolved:
usbnet:fix NPE during rx_complete
Missing usbnetgoingaway Check in Critical Path. The usbsubmiturb function lacks a usbnetgoingaway validation, whereas _usbnetqueue_skb includes this check.
This inconsistency creates a race condition where: A URB request may succeed, but the corresponding SKB data fails to be queued.
Subsequent processes: (e.g., rxcomplete → deferbh → _skbunlink(skb, list)) attempt to access skb->next, triggering a NULL pointer dereference (Kernel Panic).
[ { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0f10f83acfd619e13c64d6705908dfd792f19544", "target": { "function": "rx_submit", "file": "drivers/net/usb/usbnet.c" }, "digest": { "function_hash": "334029622977154657700006993588200664739", "length": 1777.0 }, "deprecated": false, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2025-22050-14e1b7c7" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d689645cd1594ea1d13cb0c404f8ad1011353e0e", "target": { "file": "drivers/net/usb/usbnet.c" }, "digest": { "line_hashes": [ "88262486813518356019270343575142716439", "160551851304807415769883841081801966081", "287665093586407486172526841380596596589", "294905659102644426614163837936892981237", "325836125994309005815493921194374202552", "55577244340699740837671159217030889976", "187315081970120837450852065040761677026", "257819185195498701834786422279474335150", "325761239563240418494520786393893632504" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2025-22050-1776b7c9" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fd9ee3f0d6a53844f65efde581c91bbb0ff749ac", "target": { "function": "rx_submit", "file": "drivers/net/usb/usbnet.c" }, "digest": { "function_hash": "334029622977154657700006993588200664739", "length": 1777.0 }, "deprecated": false, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2025-22050-2ad253ae" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95789c2f94fd29dce8759f9766baa333f749287c", "target": { "file": "drivers/net/usb/usbnet.c" }, "digest": { "line_hashes": [ "88262486813518356019270343575142716439", "160551851304807415769883841081801966081", "287665093586407486172526841380596596589", "294905659102644426614163837936892981237", "325836125994309005815493921194374202552", "55577244340699740837671159217030889976", "187315081970120837450852065040761677026", "257819185195498701834786422279474335150", "325761239563240418494520786393893632504" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2025-22050-2f9e544a" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51de3600093429e3b712e5f091d767babc5dd6df", "target": { "file": "drivers/net/usb/usbnet.c" }, "digest": { "line_hashes": [ "88262486813518356019270343575142716439", "160551851304807415769883841081801966081", "287665093586407486172526841380596596589", "294905659102644426614163837936892981237", "325836125994309005815493921194374202552", "55577244340699740837671159217030889976", "187315081970120837450852065040761677026", "257819185195498701834786422279474335150", "325761239563240418494520786393893632504" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2025-22050-315bb2d8" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@acacd48a37b52fc95f621765762c04152b58d642", "target": { "function": "rx_submit", "file": "drivers/net/usb/usbnet.c" }, "digest": { "function_hash": "334029622977154657700006993588200664739", "length": 1777.0 }, "deprecated": false, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2025-22050-32e05438" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51de3600093429e3b712e5f091d767babc5dd6df", "target": { "function": "rx_submit", "file": "drivers/net/usb/usbnet.c" }, "digest": { "function_hash": "334029622977154657700006993588200664739", "length": 1777.0 }, "deprecated": false, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2025-22050-634da2a3" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0f10f83acfd619e13c64d6705908dfd792f19544", "target": { "file": "drivers/net/usb/usbnet.c" }, "digest": { "line_hashes": [ "88262486813518356019270343575142716439", "160551851304807415769883841081801966081", "287665093586407486172526841380596596589", "294905659102644426614163837936892981237", "325836125994309005815493921194374202552", "55577244340699740837671159217030889976", "187315081970120837450852065040761677026", "257819185195498701834786422279474335150", "325761239563240418494520786393893632504" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2025-22050-63cec8ae" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c30988588b28393e3e8873d5654f910e86391ba", "target": { "file": "drivers/net/usb/usbnet.c" }, "digest": { "line_hashes": [ "88262486813518356019270343575142716439", "160551851304807415769883841081801966081", "287665093586407486172526841380596596589", "294905659102644426614163837936892981237", "325836125994309005815493921194374202552", "55577244340699740837671159217030889976", "187315081970120837450852065040761677026", "257819185195498701834786422279474335150", "325761239563240418494520786393893632504" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2025-22050-65ed48d9" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fd9ee3f0d6a53844f65efde581c91bbb0ff749ac", "target": { "file": "drivers/net/usb/usbnet.c" }, "digest": { "line_hashes": [ "88262486813518356019270343575142716439", "160551851304807415769883841081801966081", "287665093586407486172526841380596596589", "294905659102644426614163837936892981237", "325836125994309005815493921194374202552", "55577244340699740837671159217030889976", "187315081970120837450852065040761677026", "257819185195498701834786422279474335150", "325761239563240418494520786393893632504" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2025-22050-67b3de24" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d689645cd1594ea1d13cb0c404f8ad1011353e0e", "target": { "function": "rx_submit", "file": "drivers/net/usb/usbnet.c" }, "digest": { "function_hash": "334029622977154657700006993588200664739", "length": 1777.0 }, "deprecated": false, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2025-22050-7b15b077" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95789c2f94fd29dce8759f9766baa333f749287c", "target": { "function": "rx_submit", "file": "drivers/net/usb/usbnet.c" }, "digest": { "function_hash": "334029622977154657700006993588200664739", "length": 1777.0 }, "deprecated": false, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2025-22050-7e400081" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c30988588b28393e3e8873d5654f910e86391ba", "target": { "function": "rx_submit", "file": "drivers/net/usb/usbnet.c" }, "digest": { "function_hash": "334029622977154657700006993588200664739", "length": 1777.0 }, "deprecated": false, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2025-22050-ae643600" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@acacd48a37b52fc95f621765762c04152b58d642", "target": { "file": "drivers/net/usb/usbnet.c" }, "digest": { "line_hashes": [ "88262486813518356019270343575142716439", "160551851304807415769883841081801966081", "287665093586407486172526841380596596589", "294905659102644426614163837936892981237", "325836125994309005815493921194374202552", "55577244340699740837671159217030889976", "187315081970120837450852065040761677026", "257819185195498701834786422279474335150", "325761239563240418494520786393893632504" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2025-22050-e9a60ed0" } ]