CVE-2023-54277 (GCVE-0-2023-54277)
Vulnerability from cvelistv5
Published
2025-12-30 12:16
Modified
2025-12-30 12:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from device/display ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.4.0-rc1-syzkaller-00016-ga4422ff22142 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 ... Call Trace: <TASK> dlfb_submit_urb+0x92/0x180 drivers/video/fbdev/udlfb.c:1980 dlfb_set_video_mode+0x21f0/0x2950 drivers/video/fbdev/udlfb.c:315 dlfb_ops_set_par+0x2a7/0x8d0 drivers/video/fbdev/udlfb.c:1111 dlfb_usb_probe+0x149a/0x2710 drivers/video/fbdev/udlfb.c:1743 The current approach for this issue failed to catch the problem because it only checks for the existence of a bulk-OUT endpoint; it doesn't check whether this endpoint is the one that the driver will actually use. We can fix the problem by instead checking that the endpoint used by the driver does exist and is bulk-OUT.
References
Impacted products
Vendor Product Version
Linux Linux Version: f6db63819db632158647d5bbf4d7d2d90dc1a268
Version: c4fb41bdf4d6ccca850c4af5d707d14a0fb717a7
Version: 4df1584738f1dc6f0dd854d258bba48591f1ed0e
Version: aaf7dbe07385e0b8deb7237eca2a79926bbc7091
Version: aaf7dbe07385e0b8deb7237eca2a79926bbc7091
Version: aaf7dbe07385e0b8deb7237eca2a79926bbc7091
Version: 895ea8a290ba87850bcaf2ecfcddef75a014fa54
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/udlfb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1522dc58bff87af79461b96d90ec122e9e726004",
              "status": "affected",
              "version": "f6db63819db632158647d5bbf4d7d2d90dc1a268",
              "versionType": "git"
            },
            {
              "lessThan": "58ecc165abdaed85447455e6dc396758e8c6f219",
              "status": "affected",
              "version": "c4fb41bdf4d6ccca850c4af5d707d14a0fb717a7",
              "versionType": "git"
            },
            {
              "lessThan": "9e12c58a5ece41be72157cef348576b135c9fc72",
              "status": "affected",
              "version": "4df1584738f1dc6f0dd854d258bba48591f1ed0e",
              "versionType": "git"
            },
            {
              "lessThan": "c8fdf7feca77cd99e25ef0a1e9e72dfc83add8ef",
              "status": "affected",
              "version": "aaf7dbe07385e0b8deb7237eca2a79926bbc7091",
              "versionType": "git"
            },
            {
              "lessThan": "e19383e5dee5adbf3d19f3f210f440a88d1b7dde",
              "status": "affected",
              "version": "aaf7dbe07385e0b8deb7237eca2a79926bbc7091",
              "versionType": "git"
            },
            {
              "lessThan": "ed9de4ed39875706607fb08118a58344ae6c5f42",
              "status": "affected",
              "version": "aaf7dbe07385e0b8deb7237eca2a79926bbc7091",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "895ea8a290ba87850bcaf2ecfcddef75a014fa54",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/udlfb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.244",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.114",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.244",
                  "versionStartIncluding": "5.4.192",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.181",
                  "versionStartIncluding": "5.10.114",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.114",
                  "versionStartIncluding": "5.15.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.31",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.5",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.17.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: udlfb: Fix endpoint check\n\nThe syzbot fuzzer detected a problem in the udlfb driver, caused by an\nendpoint not having the expected type:\n\nusb 1-1: Read EDID byte 0 failed: -71\nusb 1-1: Unable to get valid EDID from device/display\n------------[ cut here ]------------\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880\ndrivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 9 Comm: kworker/0:1 Not tainted\n6.4.0-rc1-syzkaller-00016-ga4422ff22142 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\n04/28/2023\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n \u003cTASK\u003e\n dlfb_submit_urb+0x92/0x180 drivers/video/fbdev/udlfb.c:1980\n dlfb_set_video_mode+0x21f0/0x2950 drivers/video/fbdev/udlfb.c:315\n dlfb_ops_set_par+0x2a7/0x8d0 drivers/video/fbdev/udlfb.c:1111\n dlfb_usb_probe+0x149a/0x2710 drivers/video/fbdev/udlfb.c:1743\n\nThe current approach for this issue failed to catch the problem\nbecause it only checks for the existence of a bulk-OUT endpoint; it\ndoesn\u0027t check whether this endpoint is the one that the driver will\nactually use.\n\nWe can fix the problem by instead checking that the endpoint used by\nthe driver does exist and is bulk-OUT."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:16:05.690Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1522dc58bff87af79461b96d90ec122e9e726004"
        },
        {
          "url": "https://git.kernel.org/stable/c/58ecc165abdaed85447455e6dc396758e8c6f219"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e12c58a5ece41be72157cef348576b135c9fc72"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8fdf7feca77cd99e25ef0a1e9e72dfc83add8ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/e19383e5dee5adbf3d19f3f210f440a88d1b7dde"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed9de4ed39875706607fb08118a58344ae6c5f42"
        }
      ],
      "title": "fbdev: udlfb: Fix endpoint check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54277",
    "datePublished": "2025-12-30T12:16:05.690Z",
    "dateReserved": "2025-12-30T12:06:44.524Z",
    "dateUpdated": "2025-12-30T12:16:05.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54277\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:16.643\",\"lastModified\":\"2025-12-31T20:42:43.210\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfbdev: udlfb: Fix endpoint check\\n\\nThe syzbot fuzzer detected a problem in the udlfb driver, caused by an\\nendpoint not having the expected type:\\n\\nusb 1-1: Read EDID byte 0 failed: -71\\nusb 1-1: Unable to get valid EDID from device/display\\n------------[ cut here ]------------\\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\\nWARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880\\ndrivers/usb/core/urb.c:504\\nModules linked in:\\nCPU: 0 PID: 9 Comm: kworker/0:1 Not tainted\\n6.4.0-rc1-syzkaller-00016-ga4422ff22142 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\\n04/28/2023\\nWorkqueue: usb_hub_wq hub_event\\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\\n...\\nCall Trace:\\n \u003cTASK\u003e\\n dlfb_submit_urb+0x92/0x180 drivers/video/fbdev/udlfb.c:1980\\n dlfb_set_video_mode+0x21f0/0x2950 drivers/video/fbdev/udlfb.c:315\\n dlfb_ops_set_par+0x2a7/0x8d0 drivers/video/fbdev/udlfb.c:1111\\n dlfb_usb_probe+0x149a/0x2710 drivers/video/fbdev/udlfb.c:1743\\n\\nThe current approach for this issue failed to catch the problem\\nbecause it only checks for the existence of a bulk-OUT endpoint; it\\ndoesn\u0027t check whether this endpoint is the one that the driver will\\nactually use.\\n\\nWe can fix the problem by instead checking that the endpoint used by\\nthe driver does exist and is bulk-OUT.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1522dc58bff87af79461b96d90ec122e9e726004\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/58ecc165abdaed85447455e6dc396758e8c6f219\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9e12c58a5ece41be72157cef348576b135c9fc72\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c8fdf7feca77cd99e25ef0a1e9e72dfc83add8ef\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e19383e5dee5adbf3d19f3f210f440a88d1b7dde\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ed9de4ed39875706607fb08118a58344ae6c5f42\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.