Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: libertas: don't kill URBs in interrupt context

Serialization for the TX path was enforced by calling
usb_kill_urb()/usb_kill_anchored_urbs(), to prevent transmission before
a previous URB was completed. usb_tx_block() can be called from
interrupt context (e.g. in the HCD giveback path), so we can't always
use it to kill in-flight URBs.

Prevent sleeping during interrupt context by checking the tx_submitted
anchor for existing URBs. We now return -EBUSY, to indicate there's
a pending request.
Published: 2026-06-24
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, it is inferred that calling usb_kill_urb() from interrupt context can trigger a kernel panic or a prolonged deadlock, effectively taking down the WLAN interface and potentially the entire host. The mitigation replaces the call with a simple return of –EBUSY, preventing the risk while preserving normal operation.

Affected Systems

All Linux kernel builds that include the libertas Wi‑Fi driver before the applied patch are potentially vulnerable. The CVE data does not specify particular kernel versions, so any installation containing the unpatched driver issue is confined to the kernel driver layer and does not affect user‑space programs directly.

Risk and Exploitability

Based on the description, the flaw poses a high impact due to the inferred possibility of a kernel crash or deadlock. Its EPSS score of <1% and absence from the CISA KEV catalog indicate that no public exploits are local or privileged access to the affected host to trigger the interrupt‑context condition, thereby limiting the threat to compromised or locally connected systems.

Generated by OpenCVE AI on June 26, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to the latest stable release that incorporates the libertas driver fix (e.g., the commit referenced in the CVE references).
  • the libertas and libertasusb modules to prevent the vulnerable driver from loading until the patch is applied.
  • Continuously monitor your distribution’s security advisories and apply future kernel updates to maintain protection against this and related kernel vulnerabilities.

Generated by OpenCVE AI on June 26, 2026 at 05:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-749

Fri, 26 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-749

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: don't kill URBs in interrupt context Serialization for the TX path was enforced by calling usb_kill_urb()/usb_kill_anchored_urbs(), to prevent transmission before a previous URB was completed. usb_tx_block() can be called from interrupt context (e.g. in the HCD giveback path), so we can't always use it to kill in-flight URBs. Prevent sleeping during interrupt context by checking the tx_submitted anchor for existing URBs. We now return -EBUSY, to indicate there's a pending request.
Title wifi: libertas: don't kill URBs in interrupt context
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:42.056Z

Reserved: 2026-06-09T07:44:35.385Z

Link: CVE-2026-53107

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53107 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T06:00:14Z

Weaknesses
  • CWE-663

    Use of a Non-reentrant Function in a Concurrent Context