CVE-2026-43255 - Vulnerability Details

- wifi: libertas: fix WARNING in usb_tx_block

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: libertas: fix WARNING in usb_tx_block

The function usb_tx_block() submits cardp->tx_urb without ensuring that
any previous transmission on this URB has completed. If a second call
occurs while the URB is still active (e.g. during rapid firmware loading),
usb_submit_urb() detects the active state and triggers a warning:
'URB submitted while active'.

Fix this by enforcing serialization: call usb_kill_urb() before
submitting the new request. This ensures the URB is idle and safe to reuse.

Published: 2026-05-06

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The libertas Wi‑Fi driver in the Linux kernel contains a flaw in usb_tx_block where a USB request block (URB) is submitted without first ensuring that the previous transmission on that URB has completed. Re‑submitting an active URB triggers a warning: "URB submitted while active." This warning indicates a failure to serialize USB traffic and could lead to driver instability or a denial of service if repeated during rapid firmware loading or busy USB activity. No explicit crash or integrity compromise is documented in the advisory; the impact is limited to potential service disruption of the wireless adapter.

Affected Systems

All Linux kernel releases that ship the unpatched libertas Wi‑Fi driver are affected. The advisory does not list specific kernel versions; therefore any distribution distribution or custom kernel that includes the libertas module without the commit that adds usb_kill_urb before usb_submit_urb may be vulnerable.

Risk and Exploitability

The advisory does not provide a CVSS score and the EPSS is not available. The vulnerability is not listed in CISA KEV and no public exploits are known. The risk is primarily limited to repeated warnings that could destabilize the driver under rapid firmware reloads or heavy USB traffic. Patch remains the recommended mitigation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 498525d8358d6d20918787e59736d5b6a021e9fd
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 2902a9b4415a6bafc9b1e5dd360f065d757a0bb7
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 948a39c95d0f8d73722910f8cdb7b6e3e9206232
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 5bfb25495e391a1be0db94b15715174fa06b93a1
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< b82073564373e68c6ae3a96039fae14cd002a496
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 3308c7504e093b22e91a4468470309cee2e26b83
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< fc188b44547dea4e7350833171982a6312befde9
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< d66676e6ca96bf8680f869a9bd6573b26c634622

Linux

affected

Version	Status	Constraints
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,498525d8358d6d20918787e59736d5b6a021e9fd)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,2902a9b4415a6bafc9b1e5dd360f065d757a0bb7)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,948a39c95d0f8d73722910f8cdb7b6e3e9206232)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,5bfb25495e391a1be0db94b15715174fa06b93a1)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,b82073564373e68c6ae3a96039fae14cd002a496)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,3308c7504e093b22e91a4468470309cee2e26b83)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,fc188b44547dea4e7350833171982a6312befde9)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,d66676e6ca96bf8680f869a9bd6573b26c634622)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the kernel patch that inserts usb_kill_urb before each usb_submit_urb in usb_tx_block, or upgrade to a Linux kernel version that includes the fix.
Reload the libertas Wi‑Fi module or reboot the system to load the patched driver module.
Check for firmware updates for the wireless adapter that may mitigate rapid firmware loading and reduce risk of URB re‑submission.

Generated by OpenCVE AI on May 6, 2026 at 16:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2902a9b4415a6bafc9b1e5dd360f065d757a0bb7
https://git.kernel.org/stable/c/3308c7504e093b22e91a4468470309cee2e26b83
https://git.kernel.org/stable/c/498525d8358d6d20918787e59736d5b6a021e9fd
https://git.kernel.org/stable/c/5bfb25495e391a1be0db94b15715174fa06b93a1
https://git.kernel.org/stable/c/948a39c95d0f8d73722910f8cdb7b6e3e9206232
https://git.kernel.org/stable/c/b82073564373e68c6ae3a96039fae14cd002a496
https://git.kernel.org/stable/c/d66676e6ca96bf8680f869a9bd6573b26c634622
https://git.kernel.org/stable/c/fc188b44547dea4e7350833171982a6312befde9
https://lore.kernel.org/linux-cve-announce/2026050605-CVE-2026-43255-d0bf@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43255
https://www.cve.org/CVERecord?id=CVE-2026-43255

History

Thu, 07 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026050605-CVE-2026-43255-d0bf@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43255 https://www.cve.org/CVERecord?id=CVE-2026-43255

Wed, 06 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usb_tx_block The function usb_tx_block() submits cardp->tx_urb without ensuring that any previous transmission on this URB has completed. If a second call occurs while the URB is still active (e.g. during rapid firmware loading), usb_submit_urb() detects the active state and triggers a warning: 'URB submitted while active'. Fix this by enforcing serialization: call usb_kill_urb() before submitting the new request. This ensures the URB is idle and safe to reuse.
Title		wifi: libertas: fix WARNING in usb_tx_block
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2902a9b4415a6bafc9b1e5dd360f065d757a0bb7 https://git.kernel.org/stable/c/3308c7504e093b22e91a4468470309cee2e26b83 https://git.kernel.org/stable/c/498525d8358d6d20918787e59736d5b6a021e9fd https://git.kernel.org/stable/c/5bfb25495e391a1be0db94b15715174fa06b93a1 https://git.kernel.org/stable/c/948a39c95d0f8d73722910f8cdb7b6e3e9206232 https://git.kernel.org/stable/c/b82073564373e68c6ae3a96039fae14cd002a496 https://git.kernel.org/stable/c/d66676e6ca96bf8680f869a9bd6573b26c634622 https://git.kernel.org/stable/c/fc188b44547dea4e7350833171982a6312befde9

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:44.522Z

Updated: 2026-05-06T11:28:44.522Z

Reserved: 2026-05-01T14:12:55.996Z

Link: CVE-2026-43255

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:46.263

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43255

Redhat

Severity :

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43255 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-06T18:30:09Z

Weaknesses

CWE-362

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object