PT-2025-54106 · Linux · Linux Kernel

Published 2025-12-30 · Updated 2026-02-24 · CVE-2023-54277

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.4.0-rc1-syzkaller-00016-ga4422ff22142
Description

The udlfb driver in the Linux kernel does not properly validate the endpoint type. The driver only checks that a bulk-OUT endpoint exists; it does not verify that this is the endpoint it will actually use. This can lead to errors when reading the EDID, potentially causing issues with display functionality. The syzbot fuzzer identified the problem by triggering a "BOGUS urb xfer" error. The error is raised when a USB urb is submitted, as shown by the call trace through usb_submit_urb and dlfb_submit_urb.
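The difference between the two checks can be shown with a small userspace model. This is an added example, not kernel or udlfb code: the function names, the descriptor sets and the assumption that the driver transmits on OUT endpoint 1 are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit layout follows the USB endpoint descriptor fields. */
#define EP_DIR_IN        0x80  /* bEndpointAddress bit 7: 1 = IN, 0 = OUT */
#define EP_NUM_MASK      0x0f  /* bEndpointAddress bits 3..0 */
#define EP_XFERTYPE_MASK 0x03  /* bmAttributes bits 1..0 */
#define EP_XFER_BULK     0x02
#define EP_XFER_INT      0x03

/* Assumption for this example: the driver always transmits on OUT endpoint 1. */
#define DRIVER_OUT_EP    1
struct ep_desc { uint8_t bEndpointAddress; uint8_t bmAttributes; };

static int is_bulk_out(const struct ep_desc *e)
{
    return !(e->bEndpointAddress & EP_DIR_IN) &&
           (e->bmAttributes & EP_XFERTYPE_MASK) == EP_XFER_BULK;
}

/* Weak probe check: accepts the interface if any bulk-OUT endpoint exists. */
int has_any_bulk_out(const struct ep_desc *eps, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (is_bulk_out(&eps[i]))
            return 1;
    return 0;
}

/* Strict probe check: the endpoint the driver will use must itself be bulk-OUT. */
int used_ep_is_bulk_out(const struct ep_desc *eps, size_t n, uint8_t ep_num)
{
    for (size_t i = 0; i < n; i++)
        if (!(eps[i].bEndpointAddress & EP_DIR_IN) &&
            (eps[i].bEndpointAddress & EP_NUM_MASK) == ep_num)
            return is_bulk_out(&eps[i]);
    return 0; /* endpoint absent: reject the device */
}

/* Constructed descriptor sets (not captured from a real device). */
const struct ep_desc mismatched[] = { {0x01, EP_XFER_INT}, {0x02, EP_XFER_BULK} };
const struct ep_desc expected[]   = { {0x01, EP_XFER_BULK}, {0x81, EP_XFER_INT} };

int main(void)
{
    printf("mismatched: weak=%d strict=%d\n", has_any_bulk_out(mismatched, 2),
           used_ep_is_bulk_out(mismatched, 2, DRIVER_OUT_EP));
    return 0;
}
```

The mismatched set passes the existence check but fails the strict one, which is the condition under which a later bulk submission on that endpoint is rejected by the USB core.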
Recommendations

Update to Linux kernel version 6.4.0-rc1-syzkaller-00016-ga4422ff22142 or a later version to address this issue.


Related Identifiers

CVE-2023-54277
SUSE-SU-2026:0263-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1

Affected Products

Linux Kernel