CVE-2024-53197

Severity: High (CVSS 3.1 base score 7.8) · CISA KEV · EPSS 87.9%
Published: Dec 27, 2024 (1y ago)
Last Modified: Jun 17, 2026 (2w ago)
KEV Listed: Apr 9, 2025 (1y ago)
KEV Due: Apr 30, 2025 (428d overdue)

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.
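To make the mechanism in the description concrete, here is an added example: a small C model written for this page, not code from the Linux kernel or from the referenced patches. It shows the three pieces the commit message names: dev->config is sized from bNumConfigurations at enumeration, a boot quirk later re-reads the device descriptor from the device, and teardown walks whatever count the descriptor holds at that point. Every name ending in _m, the boot_quirk_* functions, the 16-byte per-config allocation and the device's inflated answer of 255 are invented stand-ins; the hardened variant follows the shape of the upstream fix as I read the referenced commits (read into a temporary, reject a larger count), but the kernel's own code and struct layouts are not reproduced.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the CVE-2024-53197 bug class (example code, not kernel code).
 * Names ending in _m stand in for the kernel's usb_device, usb_host_config,
 * usb_get_configuration and usb_destroy_configuration; layouts are invented. */
struct usb_device_descriptor_m {
	uint8_t bNumConfigurations;	/* the only field this model tracks */
};

struct usb_host_config_m {
	void *string;			/* stands in for per-config allocations */
};

struct usb_device_m {
	struct usb_device_descriptor_m descriptor;
	struct usb_host_config_m *config;	/* sized once, at enumeration */
	unsigned int nalloc;			/* entries actually in config[] */
};

/* Enumeration: size config[] from the bNumConfigurations seen at that time. */
static int model_get_configuration(struct usb_device_m *dev, uint8_t initial_ncfg)
{
	unsigned int i;
	memset(dev, 0, sizeof(*dev));
	if (initial_ncfg == 0)
		return -1;	/* a device reporting no configurations is rejected */
	dev->config = calloc(initial_ncfg, sizeof(*dev->config));
	if (!dev->config)
		return -1;
	for (i = 0; i < initial_ncfg; i++)
		dev->config[i].string = malloc(16);	/* constructed per-config data */
	dev->nalloc = initial_ncfg;
	dev->descriptor.bNumConfigurations = initial_ncfg;
	return 0;
}

/* Vulnerable shape: after the boot message the quirk re-reads the device
 * descriptor straight into dev->descriptor. device_claims is the constructed
 * answer of a bogus device to GET_DESCRIPTOR(DEVICE). */
static int boot_quirk_vulnerable(struct usb_device_m *dev, uint8_t device_claims)
{
	dev->descriptor.bNumConfigurations = device_claims;
	return 0;
}

/* Hardened shape: read into a temporary and refuse a descriptor whose
 * bNumConfigurations exceeds the count config[] was allocated for.
 * Returns -1 on rejection and leaves dev->descriptor untouched. */
static int boot_quirk_fixed(struct usb_device_m *dev, uint8_t device_claims)
{
	struct usb_device_descriptor_m new_desc = { device_claims };
	if (new_desc.bNumConfigurations > dev->descriptor.bNumConfigurations)
		return -1;
	dev->descriptor = new_desc;
	return 0;
}

/* Teardown walks bNumConfigurations entries of config[], as the kernel's
 * usb_destroy_configuration does. Rather than perform the out-of-bounds
 * access, the model counts slots past the allocation and returns the count
 * (0 means every access stayed in bounds). */
static int model_destroy_configuration(struct usb_device_m *dev)
{
	unsigned int c;
	int oob = 0;
	for (c = 0; c < dev->descriptor.bNumConfigurations; c++) {
		if (c >= dev->nalloc) {
			oob++;		/* kernel would touch config[c] here */
			continue;
		}
		free(dev->config[c].string);
		dev->config[c].string = NULL;
	}
	return oob;
}

/* Enumerate, run one quirk, tear down. Returns the number of config slots the
 * teardown would have touched past the allocation, or -1 if enumeration failed. */
static int model_scenario(int use_fixed_quirk, uint8_t initial_ncfg, uint8_t claimed_ncfg)
{
	struct usb_device_m dev;
	unsigned int c;
	int oob;
	if (model_get_configuration(&dev, initial_ncfg) != 0)
		return -1;
	if (use_fixed_quirk)
		boot_quirk_fixed(&dev, claimed_ncfg);
	else
		boot_quirk_vulnerable(&dev, claimed_ncfg);
	oob = model_destroy_configuration(&dev);
	for (c = 0; c < dev.nalloc; c++)
		free(dev.config[c].string);	/* whatever teardown did not reach */
	free(dev.config);
	return oob;
}

int main(void)
{
	printf("vulnerable quirk, device inflates 1 -> 255: %d slots past allocation\n",
	       model_scenario(0, 1, 255));
	printf("fixed quirk,      device inflates 1 -> 255: %d slots past allocation\n",
	       model_scenario(1, 1, 255));
	return 0;
}
```

Build with `cc -Wall model.c && ./a.out`. The vulnerable run reports 254 slots past a one-entry allocation; the fixed run reports 0 because the inflated descriptor was dropped before anything consumed it. The point of the comparison sitting at the re-read, rather than in the teardown, is that dev->descriptor.bNumConfigurations is trusted by every later consumer of dev->config, so the descriptor has to be validated at the one place it is replaced. A descriptor that shrinks the count is still accepted in this model, which only guards against growth past the allocation.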

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

CISA Known Exploited Overdue 428d
Added
Apr 9, 2025
Due
Apr 30, 2025

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability
87.9% (percentile)
Exploit & Patch Status
Actively Exploited (KEV)
Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write (Memory Safety)

Affected Products 9

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥ 2.6.12  –  < 4.19.325
linux    linux_kernel   *         ≥ 4.20    –  < 5.4.287
linux    linux_kernel   *         ≥ 5.5     –  < 5.10.231
linux    linux_kernel   *         ≥ 5.11    –  < 5.15.174
linux    linux_kernel   *         ≥ 5.16    –  < 6.1.120
linux    linux_kernel   *         ≥ 6.2     –  < 6.6.64
linux    linux_kernel   *         ≥ 6.7     –  < 6.11.11
linux    linux_kernel   *         ≥ 6.12    –  < 6.12.2
debian   debian_linux   11.0      any

References 12

  • git.kernel.org https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
    Mailing List
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53197
    US Government Resource

Remediation

Update to a kernel at or beyond the fixed version for its stable branch: 4.19.325, 5.4.287, 5.10.231, 5.15.174, 6.1.120, 6.6.64, 6.11.11 or 6.12.2 (the upper bounds in the Affected Products table). The nine git.kernel.org commits listed under References are the corresponding stable-tree patches; for Debian 11 follow the debian-lts-announce advisories listed there. Until patched, note that the vulnerable path is the Extigy/Mbox boot quirk in the ALSA usb-audio driver and is reached only when a device presenting those quirked IDs is enumerated (attack vector Local), so controlling which USB devices may attach to sensitive hosts reduces exposure but is not a substitute for the fix.