{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53644","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-07T15:16:59.659Z","datePublished":"2025-10-07T15:19:43.049Z","dateUpdated":"2026-05-11T19:49:08.770Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:49:08.770Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: radio-shark: Add endpoint checks\n\nThe syzbot fuzzer was able to provoke a WARNING from the radio-shark2\ndriver:\n\n------------[ cut here ]------------\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 3271 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed2/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 3271 Comm: kworker/0:3 Not tainted 6.1.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed2/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 00 36 ea fb 48 8b 7c 24 18 e8 36 1c 02 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 b6 90 8a e8 9a 29 b8 03 <0f> 0b e9 58 f8 ff ff e8 d2 35 ea fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc90003876dd0 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000\nRDX: ffff8880750b0040 RSI: ffffffff816152b8 RDI: fffff5200070edac\nRBP: ffff8880172d81e0 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001\nR13: ffff8880285c5040 R14: 0000000000000002 R15: ffff888017158200\nFS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffe03235b90 CR3: 000000000bc8e000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58\n usb_bulk_msg+0x226/0x550 drivers/usb/core/message.c:387\n shark_write_reg+0x1ff/0x2e0 drivers/media/radio/radio-shark2.c:88\n...\n\nThe problem was caused by the fact that the driver does not check\nwhether the endpoints it uses are actually present and have the\nappropriate types.  This can be fixed by adding a simple check of\nthese endpoints (and similarly for the radio-shark driver)."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/radio/radio-shark.c","drivers/media/radio/radio-shark2.c"],"versions":[{"version":"8e2ce73e932b629c3e12546e5fffac7ee54d0093","lessThan":"3ed6a312ac1e7278f92b1b3d95377b335ae21e89","status":"affected","versionType":"git"},{"version":"8e2ce73e932b629c3e12546e5fffac7ee54d0093","lessThan":"afd72825b4fcb7ae4015e1c93b054f4c37a25684","status":"affected","versionType":"git"},{"version":"8e2ce73e932b629c3e12546e5fffac7ee54d0093","lessThan":"2b580d0f03c4fc00013cd08f9ed96b87a08fd0d9","status":"affected","versionType":"git"},{"version":"8e2ce73e932b629c3e12546e5fffac7ee54d0093","lessThan":"8a30dce9d7f70f8438956f6a01142b926c301334","status":"affected","versionType":"git"},{"version":"8e2ce73e932b629c3e12546e5fffac7ee54d0093","lessThan":"b1bde4b4360c3d8a35504443efabd3243b802805","status":"affected","versionType":"git"},{"version":"8e2ce73e932b629c3e12546e5fffac7ee54d0093","lessThan":"53764a17f5d8f0d00b13297d06b5e65fa844288b","status":"affected","versionType":"git"},{"version":"8e2ce73e932b629c3e12546e5fffac7ee54d0093","lessThan":"4c3057a1927fa0b9ed8948b6f3b56b4ff9fa63d3","status":"affected","versionType":"git"},{"version":"8e2ce73e932b629c3e12546e5fffac7ee54d0093","lessThan":"76e31045ba030e94e72105c01b2e98f543d175ac","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/radio/radio-shark.c","drivers/media/radio/radio-shark2.c"],"versions":[{"version":"3.6","status":"affected"},{"version":"0","lessThan":"3.6","status":"unaffected","versionType":"semver"},{"version":"4.14.316","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.284","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.244","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.181","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.114","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.31","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.3.5","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"4.14.316"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"4.19.284"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.4.244"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.10.181"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.15.114"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"6.1.31"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"6.3.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3ed6a312ac1e7278f92b1b3d95377b335ae21e89"},{"url":"https://git.kernel.org/stable/c/afd72825b4fcb7ae4015e1c93b054f4c37a25684"},{"url":"https://git.kernel.org/stable/c/2b580d0f03c4fc00013cd08f9ed96b87a08fd0d9"},{"url":"https://git.kernel.org/stable/c/8a30dce9d7f70f8438956f6a01142b926c301334"},{"url":"https://git.kernel.org/stable/c/b1bde4b4360c3d8a35504443efabd3243b802805"},{"url":"https://git.kernel.org/stable/c/53764a17f5d8f0d00b13297d06b5e65fa844288b"},{"url":"https://git.kernel.org/stable/c/4c3057a1927fa0b9ed8948b6f3b56b4ff9fa63d3"},{"url":"https://git.kernel.org/stable/c/76e31045ba030e94e72105c01b2e98f543d175ac"}],"title":"media: radio-shark: Add endpoint checks","x_generator":{"engine":"bippy-1.2.0"}}}}