CVE-2026-43425

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: image: mdc800: kill download URB on timeout<br /> <br /> mdc800_device_read() submits download_urb and waits for completion.<br /> If the timeout fires and the device has not responded, the function<br /> returns without killing the URB, leaving it active.<br /> <br /> A subsequent read() resubmits the same URB while it is still<br /> in-flight, triggering the WARN in usb_submit_urb():<br /> <br /> "URB submitted while active"<br /> <br /> Check the return value of wait_event_timeout() and kill the URB if<br /> it indicates timeout, ensuring the URB is complete before its status<br /> is inspected or the URB is resubmitted.<br /> <br /> Similar to<br /> - commit 372c93131998 ("USB: yurex: fix control-URB timeout handling")<br /> - commit b98d5000c505 ("media: rc: iguanair: handle timeouts")