CVE-2023-53644
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/10/2025
Last modified:
03/02/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
media: radio-shark: Add endpoint checks<br />
<br />
The syzbot fuzzer was able to provoke a WARNING from the radio-shark2<br />
driver:<br />
<br />
------------[ cut here ]------------<br />
usb 1-1: BOGUS urb xfer, pipe 1 != type 3<br />
WARNING: CPU: 0 PID: 3271 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed2/0x1880 drivers/usb/core/urb.c:504<br />
Modules linked in:<br />
CPU: 0 PID: 3271 Comm: kworker/0:3 Not tainted 6.1.0-rc4-syzkaller #0<br />
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022<br />
Workqueue: usb_hub_wq hub_event<br />
RIP: 0010:usb_submit_urb+0xed2/0x1880 drivers/usb/core/urb.c:504<br />
Code: 7c 24 18 e8 00 36 ea fb 48 8b 7c 24 18 e8 36 1c 02 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 b6 90 8a e8 9a 29 b8 03 0b e9 58 f8 ff ff e8 d2 35 ea fb 48 81 c5 c0 05 00 00 e9 84 f7<br />
RSP: 0018:ffffc90003876dd0 EFLAGS: 00010282<br />
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000<br />
RDX: ffff8880750b0040 RSI: ffffffff816152b8 RDI: fffff5200070edac<br />
RBP: ffff8880172d81e0 R08: 0000000000000005 R09: 0000000000000000<br />
R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001<br />
R13: ffff8880285c5040 R14: 0000000000000002 R15: ffff888017158200<br />
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000<br />
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
CR2: 00007ffe03235b90 CR3: 000000000bc8e000 CR4: 00000000003506f0<br />
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br />
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br />
Call Trace:<br />
<br />
usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58<br />
usb_bulk_msg+0x226/0x550 drivers/usb/core/message.c:387<br />
shark_write_reg+0x1ff/0x2e0 drivers/media/radio/radio-shark2.c:88<br />
...<br />
<br />
The problem was caused by the fact that the driver does not check<br />
whether the endpoints it uses are actually present and have the<br />
appropriate types. This can be fixed by adding a simple check of<br />
these endpoints (and similarly for the radio-shark driver).
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.6 (including) | 4.14.316 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.284 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.244 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.181 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.114 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.31 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.3.5 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2b580d0f03c4fc00013cd08f9ed96b87a08fd0d9
- https://git.kernel.org/stable/c/3ed6a312ac1e7278f92b1b3d95377b335ae21e89
- https://git.kernel.org/stable/c/4c3057a1927fa0b9ed8948b6f3b56b4ff9fa63d3
- https://git.kernel.org/stable/c/53764a17f5d8f0d00b13297d06b5e65fa844288b
- https://git.kernel.org/stable/c/76e31045ba030e94e72105c01b2e98f543d175ac
- https://git.kernel.org/stable/c/8a30dce9d7f70f8438956f6a01142b926c301334
- https://git.kernel.org/stable/c/afd72825b4fcb7ae4015e1c93b054f4c37a25684
- https://git.kernel.org/stable/c/b1bde4b4360c3d8a35504443efabd3243b802805