{"id":"CVE-2023-53548","summary":"net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.","modified":"2026-03-20T12:33:13.418408Z","published":"2025-10-04T15:16:55.612Z","related":["SUSE-SU-2025:21040-1","SUSE-SU-2025:21052-1","SUSE-SU-2025:21056-1","SUSE-SU-2025:21064-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4111-1","SUSE-SU-2025:4128-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4139-1","SUSE-SU-2025:4140-1","SUSE-SU-2025:4141-1","SUSE-SU-2025:4149-1","SUSE-SU-2025:4189-1","SUSE-SU-2025:4301-1","SUSE-SU-2025:4320-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53548.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0dd3e0c31bf3e933fb85faf1443833aef90b8e46"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1bebbd9b8037a9cc75984317cb495dec4824c399"},{"type":"WEB","url":"https://git.kernel.org/stable/c/27d0f755d649d388fcd12f01436c9a33289e14e3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/53c250ea57cf03af41339234b9855ae284f9db91"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5e1627cb43ddf1b24b92eb26f8d958a3f5676ccb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a05ac5d00eb7fcb2fda806caa4f56e88df6bc6bb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a0715d04cf687a7e21f0d6ac8c1d479294a3f6f8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ec0d0be41721aca683c5606354a58ee2c687e3f8"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53548.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53548"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2e55cc7210fef90f88201e860d8767594974574e"},{"fixed":"a0715d04cf687a7e21f0d6ac8c1d479294a3f6f8"},{"fixed":"53c250ea57cf03af41339234b9855ae284f9db91"},{"fixed":"a05ac5d00eb7fcb2fda806caa4f56e88df6bc6bb"},{"fixed":"ec0d0be41721aca683c5606354a58ee2c687e3f8"},{"fixed":"27d0f755d649d388fcd12f01436c9a33289e14e3"},{"fixed":"1bebbd9b8037a9cc75984317cb495dec4824c399"},{"fixed":"0dd3e0c31bf3e933fb85faf1443833aef90b8e46"},{"fixed":"5e1627cb43ddf1b24b92eb26f8d958a3f5676ccb"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53548.json"}}],"schema_version":"1.7.5"}