PT-2025-40690 · Linux+1 · Linux Kernel+1

Published 2023-07-13 · Updated 2026-03-27 · CVE-2023-53548

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6

Description

The usbnet driver in the Linux kernel trusts the bulk endpoint addresses it receives during the probe routine without verifying that they exist or have the expected type and direction. This can lead to a WARNING in usbnet_start_xmit/usb_submit_urb and potentially other issues. The syzbot fuzzer identified this problem. The fix adds a check to ensure the endpoints actually exist and have the expected type and directions.

Recommendations

Update to a version later than 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6.
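
The kind of probe-time check the description refers to, as a user-space model added here for illustration; it is not the kernel's code. The struct, the function names and the sample descriptors are hypothetical and constructed for this example; only the USB descriptor bit layout is standard.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EP_DIR_IN        0x80 /* bEndpointAddress bit 7: 1 = IN, 0 = OUT */
#define EP_XFERTYPE_MASK 0x03 /* bmAttributes bits 1..0 hold the transfer type */
#define EP_XFER_BULK     0x02

/* The two endpoint-descriptor fields the check needs (hypothetical struct). */
struct ep_desc { uint8_t bEndpointAddress; uint8_t bmAttributes; };

/* Return 1 only if an endpoint with exactly this address (number plus
 * direction bit) is present in the interface and is a bulk endpoint. */
static int bulk_ep_present(const struct ep_desc *eps, size_t n, uint8_t addr)
{
    for (size_t i = 0; i < n; i++) {
        if (eps[i].bEndpointAddress != addr)
            continue;
        return (eps[i].bmAttributes & EP_XFERTYPE_MASK) == EP_XFER_BULK;
    }
    return 0; /* the address the driver was told to use does not exist */
}

/* Probe-time gate: in_num/out_num are the endpoint numbers the driver
 * learned during probe. Returns 0 to continue, -1 to refuse to bind. */
static int check_probe_endpoints(const struct ep_desc *eps, size_t n,
                                 uint8_t in_num, uint8_t out_num)
{
    uint8_t in_addr = (uint8_t)(in_num | EP_DIR_IN); /* must be bulk IN */
    uint8_t out_addr = (uint8_t)(out_num & 0x0f);    /* must be bulk OUT */

    if (!bulk_ep_present(eps, n, in_addr) || !bulk_ep_present(eps, n, out_addr))
        return -1;
    return 0;
}

/* Constructed sample interfaces: one sane, one whose IN endpoint is interrupt. */
static const struct ep_desc good_if[] = { {0x81, 0x02}, {0x02, 0x02} };
static const struct ep_desc odd_if[]  = { {0x81, 0x03}, {0x02, 0x02} };

int main(void)
{
    printf("good interface, in=1 out=2: %d\n", check_probe_endpoints(good_if, 2, 1, 2));
    printf("wrong type,     in=1 out=2: %d\n", check_probe_endpoints(odd_if, 2, 1, 2));
    printf("missing ep,     in=3 out=2: %d\n", check_probe_endpoints(good_if, 2, 3, 2));
    printf("wrong direction in=2 out=1: %d\n", check_probe_endpoints(good_if, 2, 2, 1));
    return 0;
}
```

Rejecting the device at probe keeps a mismatched endpoint from ever reaching the URB submission path, which is where the WARNING was raised.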

Weakness Enumeration

Related Identifiers

BDU:2026-01503
CVE-2023-53548
OESA-2025-2469
OESA-2026-1762
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4111-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4301-1
SUSE-SU-2025:4320-1

Affected Products

Linux Kernel
Suse