{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"
            },
            {
              "fixed": "443a830b1dc4f85c7560da59d4494b629feee215"
            },
            {
              "fixed": "586318c2730433184c6f1d21183e346ddf25e81d"
            },
            {
              "fixed": "a2cd4b4db315a845a5603d08c9d03b11ddfc799d"
            },
            {
              "fixed": "ef9b10a020503888eb6c8ed85a3d901a624ede4c"
            },
            {
              "fixed": "9c79b839a63980c7da7ec5db895198045e154112"
            },
            {
              "fixed": "fc393af769af845d9985e2845e49553d8f015a64"
            },
            {
              "fixed": "8367c0e90126426e60581e4c07e1ec4411a0f843"
            },
            {
              "fixed": "64868f5ecadeb359a49bc4485bfa7c497047f13a"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.12"
            },
            {
              "fixed": "5.10.252"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.11.0"
            },
            {
              "fixed": "5.15.202"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.16.0"
            },
            {
              "fixed": "6.1.165"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.128"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.75"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.16"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43180.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode\n\nkaweth_set_rx_mode(), the ndo_set_rx_mode callback, calls\nnetif_stop_queue() and netif_wake_queue(). These are TX queue flow\ncontrol functions unrelated to RX multicast configuration.\n\nThe premature netif_wake_queue() can re-enable TX while tx_urb is still\nin-flight, leading to a double usb_submit_urb() on the same URB:\n\nkaweth_start_xmit() {\n    netif_stop_queue();\n    usb_submit_urb(kaweth-\u003etx_urb);\n}\n\nkaweth_set_rx_mode() {\n    netif_stop_queue();\n    netif_wake_queue();             // wakes TX queue before URB is done\n}\n\nkaweth_start_xmit() {\n    netif_stop_queue();\n    usb_submit_urb(kaweth-\u003etx_urb); // URB submitted while active\n}\n\nThis triggers the WARN in usb_submit_urb():\n\n  \"URB submitted while active\"\n\nThis is a similar class of bug fixed in rtl8150 by\n\n- commit 958baf5eaee3 (\"net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast\").\n\nAlso kaweth_set_rx_mode() is already functionally broken, the\nreal set_rx_mode action is performed by kaweth_async_set_rx_mode(),\nwhich in turn is not a no-op only at ndo_open() time.",
  "id": "CVE-2026-43180",
  "modified": "2026-07-08T05:38:22.203868866Z",
  "published": "2026-05-06T11:27:52.983Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/443a830b1dc4f85c7560da59d4494b629feee215"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/586318c2730433184c6f1d21183e346ddf25e81d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/64868f5ecadeb359a49bc4485bfa7c497047f13a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8367c0e90126426e60581e4c07e1ec4411a0f843"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c79b839a63980c7da7ec5db895198045e154112"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2cd4b4db315a845a5603d08c9d03b11ddfc799d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef9b10a020503888eb6c8ed85a3d901a624ede4c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc393af769af845d9985e2845e49553d8f015a64"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43180.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43180"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode"
}