CVE-2023-52742: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a write. In modern kernels this error provokes a WARNING: usb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 WARNING: CPU: 0 PID: 4645 at drivers/usb/core/urb.c:411 usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411 Modules linked in: CPU: 1 PID: 4645 Comm: dhcpcd Not tainted 6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 RIP: 0010:usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411 ... Call Trace: <TASK> usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58 usb_internal_control_msg drivers/usb/core/message.c:102 [inline] usb_control_msg+0x320/0x4a0 drivers/usb/core/message.c:153 __usbnet_read_cmd+0xb9/0x390 drivers/net/usb/usbnet.c:2010 usbnet_read_cmd+0x96/0xf0 drivers/net/usb/usbnet.c:2068 pl_vendor_req drivers/net/usb/plusb.c:60 [inline] pl_set_QuickLink_features drivers/net/usb/plusb.c:75 [inline] pl_reset+0x2f/0xf0 drivers/net/usb/plusb.c:85 usbnet_open+0xcc/0x5d0 drivers/net/usb/usbnet.c:889 __dev_open+0x297/0x4d0 net/core/dev.c:1417 __dev_change_flags+0x587/0x750 net/core/dev.c:8530 dev_change_flags+0x97/0x170 net/core/dev.c:8602 devinet_ioctl+0x15a2/0x1d70 net/ipv4/devinet.c:1147 inet_ioctl+0x33f/0x380 net/ipv4/af_inet.c:979 sock_do_ioctl+0xcc/0x230 net/socket.c:1169 sock_ioctl+0x1f8/0x680 net/socket.c:1286 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd The fix is to call usbnet_write_cmd() instead of usbnet_read_cmd() and remove the USB_DIR_IN flag.
AI Analysis
Technical Summary
CVE-2023-52742 is a vulnerability identified in the Linux kernel's USB network driver, specifically within the plusb.c driver code. The issue was detected by the syzbot fuzzer, which found that a zero-length control-OUT USB transfer was incorrectly handled as a read operation instead of a write. This mismatch leads to a kernel warning indicating a 'BOGUS control dir' error, which is triggered by the USB core subsystem when the direction of the USB control pipe does not match the expected direction derived from the bRequestType field. The root cause is that the plusb driver calls usbnet_read_cmd() when it should call usbnet_write_cmd() for these zero-length control-OUT transfers, and it incorrectly sets the USB_DIR_IN flag. This flaw results in a kernel warning and potentially unstable behavior when the affected USB network device is used. The fix involves replacing the call to usbnet_read_cmd() with usbnet_write_cmd() and removing the USB_DIR_IN flag to correctly reflect the transfer direction. The vulnerability is present in Linux kernel versions identified by the given commit hashes (all the same in this case), and it affects the plusb USB network driver, which supports certain USB network adapters. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet. The vulnerability does not appear to allow direct code execution or privilege escalation but can cause kernel warnings and potentially disrupt network device functionality or stability.
Potential Impact
For European organizations, the impact of CVE-2023-52742 is primarily related to system stability and reliability rather than direct compromise or data breach. Organizations using Linux systems with USB network adapters supported by the plusb driver could experience kernel warnings and possible network disruptions. This could affect network connectivity on affected devices, leading to potential downtime or degraded performance in environments relying on these USB network adapters. While the vulnerability does not currently have known exploits, the kernel warnings could be leveraged by attackers to cause denial of service or to aid in more complex attack chains if combined with other vulnerabilities. Given the widespread use of Linux in European enterprises, cloud providers, and critical infrastructure, any instability in kernel USB drivers could have operational impacts, especially in environments where USB network devices are used for connectivity or specialized network functions. However, the scope is limited to systems using the plusb driver, which is not among the most common USB network drivers, somewhat limiting the overall impact.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2023-52742. Specifically, they should ensure that their kernel versions incorporate the patch that replaces usbnet_read_cmd() with usbnet_write_cmd() in the plusb driver and removes the incorrect USB_DIR_IN flag. System administrators should audit their environments to identify any systems using USB network adapters supported by the plusb driver and plan kernel upgrades accordingly. Additionally, monitoring kernel logs for the specific warning message 'BOGUS control dir, pipe 80000280 doesn't match bRequestType c0' can help detect attempts to trigger this condition or identify affected devices. For critical systems where immediate kernel upgrades are not feasible, temporarily disabling or avoiding the use of affected USB network devices may reduce risk. Organizations should also maintain robust patch management processes to quickly deploy kernel updates once available. Finally, as this vulnerability was discovered via fuzzing, organizations should consider employing fuzz testing and other proactive vulnerability discovery techniques in their own development and testing environments to identify similar issues.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2023-52742: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a write. In modern kernels this error provokes a WARNING: usb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 WARNING: CPU: 0 PID: 4645 at drivers/usb/core/urb.c:411 usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411 Modules linked in: CPU: 1 PID: 4645 Comm: dhcpcd Not tainted 6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 RIP: 0010:usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411 ... Call Trace: <TASK> usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58 usb_internal_control_msg drivers/usb/core/message.c:102 [inline] usb_control_msg+0x320/0x4a0 drivers/usb/core/message.c:153 __usbnet_read_cmd+0xb9/0x390 drivers/net/usb/usbnet.c:2010 usbnet_read_cmd+0x96/0xf0 drivers/net/usb/usbnet.c:2068 pl_vendor_req drivers/net/usb/plusb.c:60 [inline] pl_set_QuickLink_features drivers/net/usb/plusb.c:75 [inline] pl_reset+0x2f/0xf0 drivers/net/usb/plusb.c:85 usbnet_open+0xcc/0x5d0 drivers/net/usb/usbnet.c:889 __dev_open+0x297/0x4d0 net/core/dev.c:1417 __dev_change_flags+0x587/0x750 net/core/dev.c:8530 dev_change_flags+0x97/0x170 net/core/dev.c:8602 devinet_ioctl+0x15a2/0x1d70 net/ipv4/devinet.c:1147 inet_ioctl+0x33f/0x380 net/ipv4/af_inet.c:979 sock_do_ioctl+0xcc/0x230 net/socket.c:1169 sock_ioctl+0x1f8/0x680 net/socket.c:1286 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd The fix is to call usbnet_write_cmd() instead of usbnet_read_cmd() and remove the USB_DIR_IN flag.
AI-Powered Analysis
Technical Analysis
CVE-2023-52742 is a vulnerability identified in the Linux kernel's USB network driver, specifically within the plusb.c driver code. The issue was detected by the syzbot fuzzer, which found that a zero-length control-OUT USB transfer was incorrectly handled as a read operation instead of a write. This mismatch leads to a kernel warning indicating a 'BOGUS control dir' error, which is triggered by the USB core subsystem when the direction of the USB control pipe does not match the expected direction derived from the bRequestType field. The root cause is that the plusb driver calls usbnet_read_cmd() when it should call usbnet_write_cmd() for these zero-length control-OUT transfers, and it incorrectly sets the USB_DIR_IN flag. This flaw results in a kernel warning and potentially unstable behavior when the affected USB network device is used. The fix involves replacing the call to usbnet_read_cmd() with usbnet_write_cmd() and removing the USB_DIR_IN flag to correctly reflect the transfer direction. The vulnerability is present in Linux kernel versions identified by the given commit hashes (all the same in this case), and it affects the plusb USB network driver, which supports certain USB network adapters. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet. The vulnerability does not appear to allow direct code execution or privilege escalation but can cause kernel warnings and potentially disrupt network device functionality or stability.
Potential Impact
For European organizations, the impact of CVE-2023-52742 is primarily related to system stability and reliability rather than direct compromise or data breach. Organizations using Linux systems with USB network adapters supported by the plusb driver could experience kernel warnings and possible network disruptions. This could affect network connectivity on affected devices, leading to potential downtime or degraded performance in environments relying on these USB network adapters. While the vulnerability does not currently have known exploits, the kernel warnings could be leveraged by attackers to cause denial of service or to aid in more complex attack chains if combined with other vulnerabilities. Given the widespread use of Linux in European enterprises, cloud providers, and critical infrastructure, any instability in kernel USB drivers could have operational impacts, especially in environments where USB network devices are used for connectivity or specialized network functions. However, the scope is limited to systems using the plusb driver, which is not among the most common USB network drivers, somewhat limiting the overall impact.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2023-52742. Specifically, they should ensure that their kernel versions incorporate the patch that replaces usbnet_read_cmd() with usbnet_write_cmd() in the plusb driver and removes the incorrect USB_DIR_IN flag. System administrators should audit their environments to identify any systems using USB network adapters supported by the plusb driver and plan kernel upgrades accordingly. Additionally, monitoring kernel logs for the specific warning message 'BOGUS control dir, pipe 80000280 doesn't match bRequestType c0' can help detect attempts to trigger this condition or identify affected devices. For critical systems where immediate kernel upgrades are not feasible, temporarily disabling or avoiding the use of affected USB network devices may reduce risk. Organizations should also maintain robust patch management processes to quickly deploy kernel updates once available. Finally, as this vulnerability was discovered via fuzzing, organizations should consider employing fuzz testing and other proactive vulnerability discovery techniques in their own development and testing environments to identify similar issues.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-21T15:19:24.233Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9830c4522896dcbe7435
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 6:12:41 AM
Last updated: 8/1/2025, 12:50:13 AM
Views: 16
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.