CVE-2023-53761: Operation on a Resource after Expiration or Release in Linux

Severity: 7.0 HIGH (no vector)
EPSS: 0.0% (top 85.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 8

Description

In the Linux kernel, the following vulnerability has been resolved:

USB: usbtmc: Fix direction for 0-length ioctl control messages

The syzbot fuzzer found a problem in the usbtmc driver: When a user submits an ioctl for a 0-length control transfer, the driver does not check that the direction is set to OUT:

------------[ cut here ]------------
usb 3-1: BOGUS control dir, pipe 80000b80 doesn't match bRequestType fd
WARNING: CPU: 0 PID: 5100 at drivers/usb/core/urb.c:411 usb_submit_urb+0x14a7/0

Affected Packages (4 packages)

Linux | linux/linux_kernel | 4.20.0 | 5.4.244 | +4
Debian | linux/linux_kernel | < 5.10.191-1 | +3
CVEListV5 | linux/linux | 658f24f4523e41cda6a389c38b763f4c0cad6fbc | 7cef7681aa7719ff585dd06113a061ab2def7da0 | +6
debian | debian/linux | < linux 6.1.37-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA | GHSA-8x9m-r5f2-8m89: In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fix direction for 0-length ioctl control messages The syzbot fuzzer | 2025-12-08
OSV | USB: usbtmc: Fix direction for 0-length ioctl control messages | 2025-12-08
OSV | CVE-2023-53761: In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fix direction for 0-length ioctl control messages The syzbot fuzzer f | 2025-12-08

📋 Vendor Advisories (2)

Red Hat | kernel: USB: usbtmc: Fix direction for 0-length ioctl control messages | 2025-12-08
Debian | CVE-2023-53761: linux - In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc... | 2023