CVE-2023-53548 in Linux
Summary
by MITRE • 10/04/2025
In the Linux kernel, the following vulnerability has been resolved:
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
The syzbot fuzzer identified a problem in the usbnet driver:
usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Workqueue: mld mld_ifc_work
RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
Code: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb <0f> 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7
RSP: 0018:ffffc9000463f568 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001
RBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003
R13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453
 __netdev_start_xmit include/linux/netdevice.h:4918 [inline]
 netdev_start_xmit include/linux/netdevice.h:4932 [inline]
 xmit_one net/core/dev.c:3578 [inline]
 dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594
...
This bug is caused by the fact that usbnet trusts the bulk endpoint addresses its probe routine receives in the driver_info structure, and it does not check to see that these endpoints actually exist and have the expected type and directions.
The fix is simply to add such a check.
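The kind of probe-time check the description calls for, as a userspace C model added here for illustration (it is not the kernel patch and not code from the original page). The names `struct ep_desc`, `has_bulk_ep` and `check_hardcoded_bulk_eps` are hypothetical, and the sample descriptor sets are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Endpoint descriptor bit fields, as defined by the USB specification. */
#define EP_DIR_IN        0x80u  /* bEndpointAddress bit 7: IN (device to host) */
#define EP_NUM_MASK      0x0fu  /* bEndpointAddress bits 3..0: endpoint number */
#define EP_XFERTYPE_MASK 0x03u  /* bmAttributes bits 1..0: transfer type */
#define EP_XFER_BULK     0x02u
#define EP_XFER_INT      0x03u

struct ep_desc {                /* hypothetical: the two fields the check needs */
    uint8_t bEndpointAddress;
    uint8_t bmAttributes;
};

/* True if some endpoint has exactly this address (number + direction) and is bulk. */
static bool has_bulk_ep(const struct ep_desc *eps, size_t n, uint8_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (eps[i].bEndpointAddress == addr &&
            (eps[i].bmAttributes & EP_XFERTYPE_MASK) == EP_XFER_BULK)
            return true;
    return false;               /* absent, wrong direction, or wrong type */
}

/* Probe-time check for endpoint numbers hard-coded in a driver table.
 * Returns 0 if both exist as bulk IN / bulk OUT, -1 to refuse the device. */
int check_hardcoded_bulk_eps(const struct ep_desc *eps, size_t n,
                             uint8_t in, uint8_t out)
{
    if (in == 0 || in > EP_NUM_MASK || out == 0 || out > EP_NUM_MASK)
        return -1;              /* endpoint 0 is control; numbers are 4 bits */
    if (!has_bulk_ep(eps, n, (uint8_t)(in | EP_DIR_IN)) || !has_bulk_ep(eps, n, out))
        return -1;
    return 0;
}

/* Constructed sample descriptor sets (not taken from any real device). */
const struct ep_desc good_dev[]    = { {0x81, EP_XFER_BULK}, {0x02, EP_XFER_BULK}, {0x83, EP_XFER_INT} };
const struct ep_desc bogus_dev[]   = { {0x81, EP_XFER_BULK}, {0x02, EP_XFER_INT} };  /* OUT is interrupt */
const struct ep_desc missing_dev[] = { {0x81, EP_XFER_BULK} };                       /* no OUT at all */

int main(void)
{
    printf("good=%d bogus=%d missing=%d\n", check_hardcoded_bulk_eps(good_dev, 3, 1, 2),
           check_hardcoded_bulk_eps(bogus_dev, 2, 1, 2), check_hardcoded_bulk_eps(missing_dev, 1, 1, 2));
    return 0;
}
```

Refusing the device at probe time means the transmit path never builds a bulk pipe for an endpoint that is missing or has a different transfer type.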
Analysis
by VulDB Data Team • 03/02/2026
The vulnerability described in CVE-2023-53548 resides within the Linux kernel's usbnet driver, specifically manifesting as a WARNING during packet transmission operations. This issue was identified through systematic fuzzing by the syzbot fuzzer, which revealed a critical inconsistency in how the driver handles USB Request Blocks (URBs). The warning message "BOGUS urb xfer, pipe 3 != type 1" indicates a fundamental mismatch between expected and actual USB transfer types, where the driver attempts to submit a URB with pipe type 3 while expecting type 1, suggesting a severe configuration error in endpoint handling.
The technical flaw stems from insufficient validation within the usbnet driver's probe routine, where the driver blindly trusts endpoint addresses provided in the driver_info structure without verifying their existence or correctness. This design oversight allows for potential exploitation through malformed USB device configurations or malicious device enumeration. The vulnerability specifically impacts the usbnet_start_xmit function which calls usb_submit_urb, leading to kernel panic conditions when the endpoint type mismatch occurs. According to CWE-248, this represents an unspecified return value that can lead to unexpected behavior, while the ATT&CK technique T1059.007 covers the exploitation of kernel vulnerabilities through malformed input handling.
The operational impact of this vulnerability extends beyond simple driver instability, potentially allowing for privilege escalation or system compromise when exploited in kernel contexts. The warning occurs during critical network packet transmission, meaning that legitimate network operations could be disrupted or exploited to gain unauthorized access to system resources. The affected code path involves the USB core subsystem and network device drivers, making it particularly dangerous in environments where USB network adapters are commonly used, such as in cloud computing environments or embedded systems. The fix implemented addresses the core issue by adding explicit endpoint validation checks before any URB submission occurs, ensuring that the driver only operates on valid and properly configured USB endpoints.
Mitigation strategies should include immediate kernel updates to versions containing the fix, along with monitoring for anomalous USB device behavior or kernel warnings related to USB endpoint configuration. System administrators should also implement USB device whitelisting policies to restrict which devices can connect to critical systems, particularly in server environments where USB network adapters might be exposed to untrusted users. The vulnerability demonstrates the importance of input validation in kernel space drivers and aligns with security best practices outlined in the Linux Kernel Security documentation, where proper endpoint verification and error handling are essential for maintaining system integrity. Organizations should also consider implementing automated patch management systems to ensure timely deployment of security fixes across all kernel versions in use.