๐Ÿ” CVE Alert

CVE-2023-53548

UNKNOWN 0.0

net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Workqueue: mld mld_ifc_work RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Code: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb <0f> 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7 RSP: 0018:ffffc9000463f568 EFLAGS: 00010086 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001 RBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003 R13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0 Call Trace: <TASK> usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453 __netdev_start_xmit include/linux/netdevice.h:4918 [inline] netdev_start_xmit include/linux/netdevice.h:4932 [inline] xmit_one net/core/dev.c:3578 [inline] dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594 ... This bug is caused by the fact that usbnet trusts the bulk endpoint addresses its probe routine receives in the driver_info structure, and it does not check to see that these endpoints actually exist and have the expected type and directions. The fix is simply to add such a check.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Oct 4, 2025
Last Updated May 11, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Linux / Linux
2e55cc7210fef90f88201e860d8767594974574e < a0715d04cf687a7e21f0d6ac8c1d479294a3f6f8 2e55cc7210fef90f88201e860d8767594974574e < 53c250ea57cf03af41339234b9855ae284f9db91 2e55cc7210fef90f88201e860d8767594974574e < a05ac5d00eb7fcb2fda806caa4f56e88df6bc6bb 2e55cc7210fef90f88201e860d8767594974574e < ec0d0be41721aca683c5606354a58ee2c687e3f8 2e55cc7210fef90f88201e860d8767594974574e < 27d0f755d649d388fcd12f01436c9a33289e14e3 2e55cc7210fef90f88201e860d8767594974574e < 1bebbd9b8037a9cc75984317cb495dec4824c399 2e55cc7210fef90f88201e860d8767594974574e < 0dd3e0c31bf3e933fb85faf1443833aef90b8e46 2e55cc7210fef90f88201e860d8767594974574e < 5e1627cb43ddf1b24b92eb26f8d958a3f5676ccb
Linux / Linux
2.6.14

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/a0715d04cf687a7e21f0d6ac8c1d479294a3f6f8 git.kernel.org: https://git.kernel.org/stable/c/53c250ea57cf03af41339234b9855ae284f9db91 git.kernel.org: https://git.kernel.org/stable/c/a05ac5d00eb7fcb2fda806caa4f56e88df6bc6bb git.kernel.org: https://git.kernel.org/stable/c/ec0d0be41721aca683c5606354a58ee2c687e3f8 git.kernel.org: https://git.kernel.org/stable/c/27d0f755d649d388fcd12f01436c9a33289e14e3 git.kernel.org: https://git.kernel.org/stable/c/1bebbd9b8037a9cc75984317cb495dec4824c399 git.kernel.org: https://git.kernel.org/stable/c/0dd3e0c31bf3e933fb85faf1443833aef90b8e46 git.kernel.org: https://git.kernel.org/stable/c/5e1627cb43ddf1b24b92eb26f8d958a3f5676ccb