PatchSiren cyber security CVE debrief

CVE-2026-52982 Linux CVE debrief

CVE-2026-52982 is a use-after-free vulnerability in the Linux kernel's rtl8150_start_xmit() function. The vulnerability occurs when the URB completion handler write_bulk_callback() frees the skb via dev_kfree_skb_irq(dev->tx_skb) on another CPU in softirq context before usb_submit_urb() returns in the submitter. This leads to a KASAN slab-use-after-free read in rtl8150_start_xmit() when accessing skb->len for tx statistics. The vulnerability has a CVSS score of 9.8 and is considered CRITICAL. The issue was resolved by caching skb->len before submitting the URB and using the cached value when updating the tx_bytes counter.

Vendor: Linux
Product: Unknown
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-24
Original CVE updated: 2026-06-28
Advisory published: 2026-06-24
Advisory updated: 2026-06-28

Who should care

Linux kernel users and maintainers should be aware of this vulnerability and take steps to patch their systems. The vulnerability is particularly concerning for systems that use the rtl8150 driver. Users of Linux distributions that include this driver should check with their distribution maintainers for patched packages.

Technical summary

The vulnerability is in the rtl8150_start_xmit() function of the Linux kernel. After usb_submit_urb() queues the transmit URB, the completion handler write_bulk_callback() may run on another CPU in softirq context and free the skb via dev_kfree_skb_irq(dev->tx_skb) before usb_submit_urb() has even returned to the submitter. The submitter then reads skb->len to update the tx statistics, which is a use-after-free read of the already released skb. The fix caches skb->len before submitting the URB and uses the cached value when updating the tx_bytes counter, so the skb is never touched after submission.
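The following user-space C model is an added illustration of the interleaving described above; it is not the rtl8150 driver's code nor the patch itself. Kernel objects are replaced by minimal structs, the names prefixed model_ and the helper run_path are constructed stand-ins, and the free is modelled by poisoning the length with FREED_POISON so the stale read stays observable without undefined behaviour. The submit stand-in runs the completion callback synchronously, which is the worst-case ordering the summary describes (completion before submit returns).

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed user-space model of the rtl8150_start_xmit() race; none of
 * this is the driver's code. The free is modelled by poisoning so that a
 * late read is detectable instead of being undefined behaviour. */

#define FREED_POISON 0xDEADBEEFu  /* value a stale read returns in this model */

struct sk_buff {
    unsigned int len;   /* frame length, the field the tx statistics read */
    int freed;          /* set once the completion path has released it */
};

struct rtl8150 {
    struct sk_buff *tx_skb;   /* skb handed to the in-flight URB */
    unsigned long tx_bytes;
    unsigned long tx_packets;
};

/* Stand-in for dev_kfree_skb_irq(): the kernel would return the slab object
 * for reuse; here the length is poisoned so a late read is visible. */
static void model_dev_kfree_skb_irq(struct sk_buff *skb)
{
    skb->len = FREED_POISON;
    skb->freed = 1;
}

/* Stand-in for write_bulk_callback(), the URB completion handler that frees
 * dev->tx_skb in softirq context on another CPU. */
static void model_write_bulk_callback(struct rtl8150 *dev)
{
    model_dev_kfree_skb_irq(dev->tx_skb);
}

/* Stand-in for usb_submit_urb(). Real submission only queues the URB and the
 * completion may run before this call returns; invoking the callback
 * synchronously reproduces that worst-case interleaving deterministically. */
static int model_usb_submit_urb(struct rtl8150 *dev)
{
    model_write_bulk_callback(dev);
    return 0;
}

/* Vulnerable pattern: skb->len is read after submission, when the completion
 * handler may already have freed the skb. Returns the resulting tx_bytes. */
static unsigned long xmit_vulnerable(struct rtl8150 *dev, struct sk_buff *skb)
{
    dev->tx_skb = skb;
    if (model_usb_submit_urb(dev) == 0) {
        dev->tx_packets++;
        dev->tx_bytes += skb->len;   /* stale read: skb may be gone by now */
    }
    return dev->tx_bytes;
}

/* Fixed pattern, mirroring the described patch: cache skb->len before the
 * URB is submitted and account with the cached value afterwards. */
static unsigned long xmit_fixed(struct rtl8150 *dev, struct sk_buff *skb)
{
    unsigned int len = skb->len;     /* taken while the skb is still ours */
    dev->tx_skb = skb;
    if (model_usb_submit_urb(dev) == 0) {
        dev->tx_packets++;
        dev->tx_bytes += len;        /* no access to skb after submission */
    }
    return dev->tx_bytes;
}

/* Run one constructed frame of frame_len bytes through either path and
 * return the tx_bytes counter afterwards. */
unsigned long run_path(int fixed, unsigned int frame_len)
{
    struct rtl8150 dev = { NULL, 0, 0 };
    struct sk_buff skb = { frame_len, 0 };
    return fixed ? xmit_fixed(&dev, &skb) : xmit_vulnerable(&dev, &skb);
}

int main(void)
{
    /* Constructed 1500-byte Ethernet frame sent through both paths. */
    printf("vulnerable path tx_bytes = %lu (poisoned)\n", run_path(0, 1500));
    printf("fixed path      tx_bytes = %lu\n", run_path(1, 1500));
    return 0;
}
```

The model makes the window deterministic; in the real driver it only opens when the completion wins the race, which is why the bug surfaced under syzbot with KASAN rather than in normal use. The fixed path is the pattern to look for in any driver that updates statistics after handing a buffer to asynchronous I/O: read everything you need from the buffer before ownership leaves the submitter.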

Defensive priority

This vulnerability has a high defensive priority due to its CRITICAL CVSS score and potential for exploitation. Linux kernel users and maintainers should prioritize patching their systems to prevent potential attacks.

Recommended defensive actions

  • Patch the Linux kernel to the latest version that includes the fix for CVE-2026-52982.
  • Check Linux distribution repositories for patched packages.
  • Use kernel update mechanisms provided by your Linux distribution.
  • Monitor Linux kernel security advisories for future updates.
  • Consider implementing compensating controls, such as network monitoring, to detect potential exploitation attempts.

Evidence notes

The vulnerability was reported by syzbot and resolved by caching skb->len before submitting the URB. The fix preserves the pre-existing tx_bytes semantics, which track the original frame length (skb->len). The vulnerability has a CVSS score of 9.8 and is considered CRITICAL.

Official resources

This article is AI-assisted and based on the supplied source corpus.