CVE-2023-54277— Linux kernel 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2023-54277の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
fbdev: udlfb: Fix endpoint check
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: Fix endpoint check The syzbot fuzzer detected a problem in the udlfb driver, caused by an endpoint not having the expected type: usb 1-1: Read EDID byte 0 failed: -71 usb 1-1: Unable to get valid EDID from device/display ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 9 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.4.0-rc1-syzkaller-00016-ga4422ff22142 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 ... Call Trace: <TASK> dlfb_submit_urb+0x92/0x180 drivers/video/fbdev/udlfb.c:1980 dlfb_set_video_mode+0x21f0/0x2950 drivers/video/fbdev/udlfb.c:315 dlfb_ops_set_par+0x2a7/0x8d0 drivers/video/fbdev/udlfb.c:1111 dlfb_usb_probe+0x149a/0x2710 drivers/video/fbdev/udlfb.c:1743 The current approach for this issue failed to catch the problem because it only checks for the existence of a bulk-OUT endpoint; it doesn't check whether this endpoint is the one that the driver will actually use. We can fix the problem by instead checking that the endpoint used by the driver does exist and is bulk-OUT.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于fbdev: udlfb中端点类型检查不当,可能导致无效URB提交。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2023-54277の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2023-54277のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-12-30 · 244 CVEs total
| CVE-2023-54266 | media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() | |
| CVE-2023-54250 | ksmbd: avoid out of bounds access in decode_preauth_ctxt() | |
| CVE-2023-54249 | bus: mhi: ep: Only send -ENOTCONN status if client driver is available | |
| CVE-2023-54251 | net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. | |
| CVE-2023-54253 | btrfs: set page extent mapped after read_folio in relocate_one_page | |
| CVE-2023-54252 | platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings | |
| CVE-2023-54254 | drm/ttm: Don't leak a resource on eviction error | |
| CVE-2023-54255 | sh: dma: Fix DMA channel offset calculation | |
| CVE-2023-54257 | net: macb: fix a memory corruption in extended buffer descriptor mode | |
| CVE-2023-54258 | cifs: fix potential oops in cifs_oplock_break | |
| CVE-2023-54259 | soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow | |
| CVE-2023-54260 | cifs: Fix lost destroy smbd connection when MR allocate failed | |
| CVE-2023-54261 | drm/amdkfd: Add missing gfx11 MQD manager callbacks | |
| CVE-2023-54262 | net/mlx5e: Don't clone flow post action attributes second time | |
| CVE-2023-54263 | drm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP | |
| CVE-2023-54264 | fs/sysv: Null check to prevent null-ptr-deref bug | |
| CVE-2023-54274 | RDMA/srpt: Add a check for valid 'mad_agent' pointer | |
| CVE-2023-54275 | wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup | |
| CVE-2023-54276 | nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net | |
| CVE-2023-54273 | xfrm: Fix leak of dev tracker |
Showing 20 of 244 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
同じベンダー: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. CVE-2023-54277へのコメント
まだコメントはありません