๐Ÿ” CVE Alert

CVE-2023-53761

UNKNOWN 0.0

USB: usbtmc: Fix direction for 0-length ioctl control messages

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

In the Linux kernel, the following vulnerability has been resolved:

USB: usbtmc: Fix direction for 0-length ioctl control messages

The syzbot fuzzer found a problem in the usbtmc driver: When a user submits an ioctl for a 0-length control transfer, the driver does not check that the direction is set to OUT:

------------[ cut here ]------------
usb 3-1: BOGUS control dir, pipe 80000b80 doesn't match bRequestType fd
WARNING: CPU: 0 PID: 5100 at drivers/usb/core/urb.c:411 usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411
Modules linked in:
CPU: 0 PID: 5100 Comm: syz-executor428 Not tainted 6.3.0-syzkaller-12049-g58390c8ce1bd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411
Code: 7c 24 40 e8 1b 13 5c fb 48 8b 7c 24 40 e8 21 1d f0 fe 45 89 e8 44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 e0 b5 fc 8a e8 19 c8 23 fb <0f> 0b e9 9f ee ff ff e8 ed 12 5c fb 0f b6 1d 12 8a 3c 08 31 ff 41
RSP: 0018:ffffc90003d2fb00 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff8880789e9058 RCX: 0000000000000000
RDX: ffff888029593b80 RSI: ffffffff814c1447 RDI: 0000000000000001
RBP: ffff88801ea742f8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff88802915e528
R13: 00000000000000fd R14: 0000000080000b80 R15: ffff8880222b3100
FS: 0000555556ca63c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9ef4d18150 CR3: 0000000073e5b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x320/0x4a0 drivers/usb/core/message.c:153
 usbtmc_ioctl_request drivers/usb/class/usbtmc.c:1954 [inline]
 usbtmc_ioctl+0x1b3d/0x2840 drivers/usb/class/usbtmc.c:2097

To fix this, we must override the direction in the bRequestType field of the control request structure when the length is 0.
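The direction rule behind the warning, as an added user-space model (not the kernel's or the usbtmc driver's own code): it compares a pipe chosen from bRequestType alone with one chosen after the direction is overridden for a 0-length request. The struct and function names are hypothetical, and the USB core check is reduced to the one rule that a 0-length control transfer counts as OUT.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define USB_DIR_IN 0x80 /* direction bit in bRequestType, per the USB spec */

/* Hypothetical stand-in for the setup fields a control-request ioctl carries. */
struct ctrl_req {
    uint8_t  bRequestType;
    uint16_t wLength;
};

/* Model of the core rule: wLength == 0 counts as OUT, whatever the bit says. */
static bool core_expects_out(const struct ctrl_req *r)
{
    return !(r->bRequestType & USB_DIR_IN) || r->wLength == 0;
}

/* Unfixed behaviour: pipe direction taken from bRequestType alone. */
static bool pipe_is_out_unfixed(const struct ctrl_req *r)
{
    return !(r->bRequestType & USB_DIR_IN);
}

/* Fixed behaviour: force OUT in bRequestType when the length is 0. */
static bool pipe_is_out_fixed(struct ctrl_req *r)
{
    if (r->wLength == 0)
        r->bRequestType &= (uint8_t)~USB_DIR_IN;
    return !(r->bRequestType & USB_DIR_IN);
}

/* True when the chosen pipe disagrees with the core's expectation. */
static bool bogus_control_dir(bool pipe_is_out, const struct ctrl_req *r)
{
    return pipe_is_out != core_expects_out(r);
}

int main(void)
{
    struct ctrl_req before = { 0xfd, 0 }; /* bRequestType from the warning, length 0 */
    struct ctrl_req after = before;
    bool out = pipe_is_out_fixed(&after);
    printf("unfixed: mismatch=%d\n",
           bogus_control_dir(pipe_is_out_unfixed(&before), &before));
    printf("fixed:   mismatch=%d bRequestType=%02x\n",
           bogus_control_dir(out, &after), after.bRequestType);
    return 0;
}
```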

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Dec 8, 2025
Last Updated May 11, 2026

Affected Versions

Linux / Linux
658f24f4523e41cda6a389c38b763f4c0cad6fbc < 7cef7681aa7719ff585dd06113a061ab2def7da0
658f24f4523e41cda6a389c38b763f4c0cad6fbc < 6340e432cf70bf156b19c6f5dd737d940eca02a3
658f24f4523e41cda6a389c38b763f4c0cad6fbc < 3b43d9df27a708f4079d518b879f517fea150a91
658f24f4523e41cda6a389c38b763f4c0cad6fbc < 0ced12bdf624d8d8977ddb16eb130cd479d92bcf
658f24f4523e41cda6a389c38b763f4c0cad6fbc < 50775a046c68e1d157d5e413cae2e5e00da1c463
658f24f4523e41cda6a389c38b763f4c0cad6fbc < 94d25e9128988c6a1fc9070f6e98215a95795bd8
Linux / Linux
4.20

References

git.kernel.org: https://git.kernel.org/stable/c/7cef7681aa7719ff585dd06113a061ab2def7da0
git.kernel.org: https://git.kernel.org/stable/c/6340e432cf70bf156b19c6f5dd737d940eca02a3
git.kernel.org: https://git.kernel.org/stable/c/3b43d9df27a708f4079d518b879f517fea150a91
git.kernel.org: https://git.kernel.org/stable/c/0ced12bdf624d8d8977ddb16eb130cd479d92bcf
git.kernel.org: https://git.kernel.org/stable/c/50775a046c68e1d157d5e413cae2e5e00da1c463
git.kernel.org: https://git.kernel.org/stable/c/94d25e9128988c6a1fc9070f6e98215a95795bd8