| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123002-CVE-2023-54277-0970@gregkh> Date: Tue, 30 Dec 2025 13:20:43 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54277: fbdev: udlfb: Fix endpoint check From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from device/display ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.4.0-rc1-syzkaller-00016-ga4422ff22142 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 ... Call Trace: <TASK> dlfb_submit_urb+0x92/0x180 drivers/video/fbdev/udlfb.c:1980 dlfb_set_video_mode+0x21f0/0x2950 drivers/video/fbdev/udlfb.c:315 dlfb_ops_set_par+0x2a7/0x8d0 drivers/video/fbdev/udlfb.c:1111 dlfb_usb_probe+0x149a/0x2710 drivers/video/fbdev/udlfb.c:1743 The current approach for this issue failed to catch the problem because it only checks for the existence of a bulk-OUT endpoint; it doesn't check whether this endpoint is the one that the driver will actually use. We can fix the problem by instead checking that the endpoint used by the driver does exist and is bulk-OUT. The Linux kernel CVE team has assigned CVE-2023-54277 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4.192 with commit f6db63819db632158647d5bbf4d7d2d90dc1a268 and fixed in 5.4.244 with commit 1522dc58bff87af79461b96d90ec122e9e726004 Issue introduced in 5.10.114 with commit c4fb41bdf4d6ccca850c4af5d707d14a0fb717a7 and fixed in 5.10.181 with commit 58ecc165abdaed85447455e6dc396758e8c6f219 Issue introduced in 5.15.38 with commit 4df1584738f1dc6f0dd854d258bba48591f1ed0e and fixed in 5.15.114 with commit 9e12c58a5ece41be72157cef348576b135c9fc72 Issue introduced in 5.18 with commit aaf7dbe07385e0b8deb7237eca2a79926bbc7091 and fixed in 6.1.31 with commit c8fdf7feca77cd99e25ef0a1e9e72dfc83add8ef Issue introduced in 5.18 with commit aaf7dbe07385e0b8deb7237eca2a79926bbc7091 and fixed in 6.3.5 with commit e19383e5dee5adbf3d19f3f210f440a88d1b7dde Issue introduced in 5.18 with commit aaf7dbe07385e0b8deb7237eca2a79926bbc7091 and fixed in 6.4 with commit ed9de4ed39875706607fb08118a58344ae6c5f42 Issue introduced in 5.17.6 with commit 895ea8a290ba87850bcaf2ecfcddef75a014fa54 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54277 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/video/fbdev/udlfb.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/1522dc58bff87af79461b96d90ec122e9e726004 https://git.kernel.org/stable/c/58ecc165abdaed85447455e6dc396758e8c6f219 https://git.kernel.org/stable/c/9e12c58a5ece41be72157cef348576b135c9fc72 https://git.kernel.org/stable/c/c8fdf7feca77cd99e25ef0a1e9e72dfc83add8ef https://git.kernel.org/stable/c/e19383e5dee5adbf3d19f3f210f440a88d1b7dde https://git.kernel.org/stable/c/ed9de4ed39875706607fb08118a58344ae6c5f42
Powered by blists - more mailing lists