VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Apr 15, 2026

CVE-2023-54213

CVE-2023-54213

Description

In the Linux kernel, the following vulnerability has been resolved:

USB: sisusbvga: Add endpoint checks

The syzbot fuzzer was able to provoke a WARNING from the sisusbvga driver:

------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 1 PID: 26 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.2.0-rc5-syzkaller-00199-g5af6ce704936 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Code: 7c 24 18 e8 6c 50 80 fb 48 8b 7c 24 18 e8 62 1a 01 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 60 b1 fa 8a e8 84 b0 be 03 <0f> 0b e9 58 f8 ff ff e8 3e 50 80 fb 48 81 c5 c0 05 00 00 e9 84 f7 RSP: 0018:ffffc90000a1ed18 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: ffff888012783a80 RSI: ffffffff816680ec RDI: fffff52000143d95 RBP: ffff888079020000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000003 R13: ffff888017d33370 R14: 0000000000000003 R15: ffff888021213600 FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005592753a60b0 CR3: 0000000022899000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace:

sisusb_bulkout_msg drivers/usb/misc/sisusbvga/sisusbvga.c:224 [inline] sisusb_send_bulk_msg.constprop.0+0x904/0x1230 drivers/usb/misc/sisusbvga/sisusbvga.c:379 sisusb_send_bridge_packet drivers/usb/misc/sisusbvga/sisusbvga.c:567 [inline] sisusb_do_init_gfxdevice drivers/usb/misc/sisusbvga/sisusbvga.c:2077 [inline] sisusb_init_gfxdevice+0x87b/0x4000 drivers/usb/misc/sisusbvga/sisusbvga.c:2177 sisusb_probe+0x9cd/0xbe2 drivers/usb/misc/sisusbvga/sisusbvga.c:2869 ...

The problem was caused by the fact that the driver does not check whether the endpoints it uses are actually present and have the appropriate types. This can be fixed by adding a simple check of the endpoints.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Linux kernel's sisusbvga driver lacked USB endpoint sanity checks, allowing a physically present attacker to trigger a kernel WARNING via a malicious USB device.

Vulnerability

Overview

In the Linux kernel, the sisusbvga driver (drivers/usb/misc/sisusbvga/sisusbvga.c) failed to validate USB endpoint descriptors before use. A physically present attacker could plug a malicious USB device that provides an endpoint of type BULK but with a mismatched direction (e.g., using pipe direction OUT while the endpoint is IN). When the driver calls sisusb_bulkout_msgusb_submit_urb, the mismatch causes a WARNING in usb_submit_urb at drivers/usb/core/urb.c:504, leading to a kernel splat and potential denial of service.

Attack

Vector and Prerequisites

The vulnerability is triggered during device enumeration. No authentication is required; an attacker only needs physical access to a USB port on the target system. By inserting a specially crafted USB device that advertises a BULK endpoint with an incorrect direction (opposite pipe type), the sisusb_send_bulk_msg function attempts to submit an URB with a pipe that does not match the endpoint's type. The kernel's usb_submit_urb then detects the inconsistency and issues a WARNING: CPU: ... at drivers/usb/core/urb.c:504 usb_submit_urb with the message "BOGUS urb xfer, pipe 3 != type 1".

Impact

An attacker with physical USB access can cause a kernel warning (BUG/WARNING), crashing the system or disrupting normal operation. The impact is primarily a denial-of-service (DoS) condition because the warning messages can flood the kernel log, and the overall system stability may be compromised. No privilege escalation or data exfiltration is described.

Mitigation

The fix adds proper endpoint checks in sisusbvga.c before submitting URBs, ensuring that the endpoint type and direction are consistent. The patches have been backported to stable kernel trees [1][2][3]. Affected users should update their kernel to include the commit referenced in the fix.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

8
bccb2ccb6551
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
a8f980ecb011
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
a730feb672c7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
ccef03c51135
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
43f569fd0699
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
d5dba4b7bf90
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
0f9028b6ffaa
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
df05a9b05e46
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

8

News mentions

0

No linked articles in our index yet.