What is the severity of CVE-2026-23188?

CVE-2026-23188 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2026-23188?

No known public exploits are currently available for CVE-2026-23188.

Is there a patch available for CVE-2026-23188?

Yes, patches are available for CVE-2026-23188. Check the vendor advisories for update instructions.

CVE-2026-23188 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score0.0

None

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

0.0

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: r8152: fix resume reset deadlock

rtl8152 can trigger device reset during reset which potentially can result in a deadlock:

**** DPM device timeout after 10 seconds; 15 seconds until panic **** Call Trace: <TASK> schedule+0x483/0x1370 schedule_preempt_disabled+0x15/0x30 __mutex_lock_common+0x1fd/0x470 __rtl8152_set_mac_address+0x80/0x1f0 dev_set_mac_address+0x7f/0x150 rtl8152_post_reset+0x72/0x150 usb_reset_device+0x1d0/0x220 rtl8152_resume+0x99/0xc0 usb_resume_interface+0x3e/0xc0 usb_resume_both+0x104/0x150 usb_resume+0x22/0x110

The problem is that rtl8152 resume calls reset under tp->control mutex while reset basically re-enters rtl8152 and attempts to acquire the same tp->control lock once again.

Reset INACCESSIBLE device outside of tp->control mutex scope to avoid recursive mutex_lock() deadlock.

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-