{"schema_version":"1.7.2","id":"OESA-2026-1762","modified":"2026-03-27T14:07:32Z","published":"2026-03-27T14:07:32Z","upstream":["CVE-2023-53548"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb <0f> 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n <TASK>\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.(CVE-2023-53548)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2603.3.0.0366.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","bpftool-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","kernel-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","kernel-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","kernel-debugsource-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","kernel-devel-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","kernel-source-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","kernel-tools-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","kernel-tools-devel-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","perf-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","perf-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","python2-perf-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","python2-perf-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","python3-perf-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm","python3-perf-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.aarch64.rpm"],"src":["kernel-4.19.90-2603.3.0.0366.oe2003sp4.src.rpm"],"x86_64":["bpftool-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","bpftool-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","kernel-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","kernel-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","kernel-debugsource-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","kernel-devel-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","kernel-source-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","kernel-tools-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","kernel-tools-devel-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","perf-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","perf-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","python2-perf-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","python2-perf-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","python3-perf-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm","python3-perf-debuginfo-4.19.90-2603.3.0.0366.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1762"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53548"}],"database_specific":{"severity":"Medium"}}