In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800_device_read() submits download_urb and waits for completion. If the timeout fires and the device has not responded, the function returns without killing the URB, leaving it active. A subsequent read() resubmits the same URB while it is still in-flight, triggering the WARN in usb_submit_urb(): "URB submitted while active" Check the return value of wait_event_timeout() and kill the URB if it indicates timeout, ensuring the URB is complete before its status is inspected or the URB is resubmitted. Similar to - commit 372c93131998 ("USB: yurex: fix control-URB timeout handling") - commit b98d5000c505 ("media: rc: iguanair: handle timeouts")

A flaw was found in the Linux kernel's mdc800 USB image driver. When the driver attempts to read data from a USB device, a timeout can occur, leaving a USB Request Block (URB) in an active state. If a subsequent read operation is initiated, the driver may attempt to resubmit this already active URB. This improper handling of URBs can lead to system instability or a denial of service.

Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Out of support scope kernel Red Hat Enterprise Linux 7 Fix deferred kernel Red Hat Enterprise Linux 7 Fix deferred kernel-rt Red Hat Enterprise Linux 8 Fix deferred kernel Red Hat Enterprise Linux 8 Fix deferred kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43425 https://nvd.nist.gov/vuln/detail/CVE-2026-43425 https://lore.kernel.org/linux-cve-announce/2026050848-CVE-2026-43425-866e@gregkh/T