What is the severity of CVE-2025-40140?

CVE-2025-40140 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2025-40140?

No known public exploits are currently available for CVE-2025-40140.

Is there a patch available for CVE-2025-40140?

Yes, patches are available for CVE-2025-40140. Check the vendor advisories for update instructions.

CVE-2025-40140 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score0.0

None

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

0.0

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast

syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb. This is the sequence of events that leads to the warning:

rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); }

rtl8150_set_multicast() { netif_stop_queue(); netif_wake_queue(); <-- wakes up TX queue before URB is done }

rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); <-- double submission }

rtl8150_set_multicast being the ndo_set_rx_mode callback should not be calling netif_stop_queue and notif_start_queue as these handle TX queue synchronization.

The net core function dev_set_rx_mode handles the synchronization for rtl8150_set_multicast making it safe to remove these locks.

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-