CVE-2023-54277

EPSS 0.04%
Veröffentlicht 30.12.2025 12:16:05
Zuletzt bearbeitet 31.12.2025 20:42:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

fbdev: udlfb: Fix endpoint check

The syzbot fuzzer detected a problem in the udlfb driver, caused by an
endpoint not having the expected type:

usb 1-1: Read EDID byte 0 failed: -71
usb 1-1: Unable to get valid EDID from device/display
------------[ cut here ]------------
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880
drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted
6.4.0-rc1-syzkaller-00016-ga4422ff22142 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google
04/28/2023
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
...
Call Trace:
 <TASK>
 dlfb_submit_urb+0x92/0x180 drivers/video/fbdev/udlfb.c:1980
 dlfb_set_video_mode+0x21f0/0x2950 drivers/video/fbdev/udlfb.c:315
 dlfb_ops_set_par+0x2a7/0x8d0 drivers/video/fbdev/udlfb.c:1111
 dlfb_usb_probe+0x149a/0x2710 drivers/video/fbdev/udlfb.c:1743

The current approach for this issue failed to catch the problem
because it only checks for the existence of a bulk-OUT endpoint; it
doesn't check whether this endpoint is the one that the driver will
actually use.

We can fix the problem by instead checking that the endpoint used by
the driver does exist and is bulk-OUT.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 1522dc58bff87af79461b96d90ec122e9e726004

Version f6db63819db632158647d5bbf4d7d2d90dc1a268

Status affected

Version < 58ecc165abdaed85447455e6dc396758e8c6f219

Version c4fb41bdf4d6ccca850c4af5d707d14a0fb717a7

Status affected

Version < 9e12c58a5ece41be72157cef348576b135c9fc72

Version 4df1584738f1dc6f0dd854d258bba48591f1ed0e

Status affected

Version < c8fdf7feca77cd99e25ef0a1e9e72dfc83add8ef

Version aaf7dbe07385e0b8deb7237eca2a79926bbc7091

Status affected

Version < e19383e5dee5adbf3d19f3f210f440a88d1b7dde

Version aaf7dbe07385e0b8deb7237eca2a79926bbc7091

Status affected

Version < ed9de4ed39875706607fb08118a58344ae6c5f42

Version aaf7dbe07385e0b8deb7237eca2a79926bbc7091

Status affected

Version 895ea8a290ba87850bcaf2ecfcddef75a014fa54

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.18

Status affected

Version < 5.18

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.244

Status unaffected

Version <= 5.10.*

Version 5.10.181

Status unaffected

Version <= 5.15.*

Version 5.15.114

Status unaffected

Version <= 6.1.*

Version 6.1.31

Status unaffected

Version <= 6.3.*

Version 6.3.5

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.099

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/1522dc58bff87af79461b96d90ec122e9e726004

https://git.kernel.org/stable/c/58ecc165abdaed85447455e6dc396758e8c6f219

https://git.kernel.org/stable/c/9e12c58a5ece41be72157cef348576b135c9fc72

https://git.kernel.org/stable/c/c8fdf7feca77cd99e25ef0a1e9e72dfc83add8ef

https://git.kernel.org/stable/c/e19383e5dee5adbf3d19f3f210f440a88d1b7dde

https://git.kernel.org/stable/c/ed9de4ed39875706607fb08118a58344ae6c5f42

https://nvd.nist.gov/vuln/detail/CVE-2023-54277

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54277

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54277

EUVD