CVE-2026-52982: In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150_st
Summary
A use-after-free vulnerability (UAF, where code tries to access memory that has already been freed) was found in the Linux kernel's rtl8150 USB network driver in the rtl8150_start_xmit() function. The bug occurred because the code was reading skb->len (a data packet's length) after the packet had already been freed by the USB completion handler on another CPU, causing a memory safety violation.
Solution / Mitigation
Fix it by caching skb->len before submitting the URB (USB Request Block, a request to send data over USB) and using the cached value when updating the tx_bytes counter instead of reading skb->len after the URB submission.
Vulnerability Details
EPSS: 0.0%
June 24, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-52982
First tracked: June 24, 2026 at 02:02 PM
Classified by LLM (prompt v3) · confidence: 95%