CVE-2024-53197: Linux Kernel Out-of-Bounds Access Vulnerability

Published Dec 27, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usbgetconfiguration for allocating dev->config.

This can lead to out-of-bounds accesses later, e.g. in usbdestroyconfiguration.

Other sources

Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code.

CISA

This CVE was automatically created from a reference found in an email or other text. If you are reading this, then this CVE entry is probably erroneous, since this text should be replaced by the official CVE description automatically.

Launchpad

Affected Software

14 affected componentsFixes available
Linux Linux kernel
Linux Kernel
debian/linux<=5.10.223-1
5.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
Google Android
Linux Linux kernel>=2.6.12<4.19.325
Linux Linux kernel>=4.20<5.4.287
Linux Linux kernel>=5.5<5.10.231
Linux Linux kernel>=5.11<5.15.174
Linux Linux kernel>=5.16<6.1.120
Linux Linux kernel>=6.2<6.6.64
Linux Linux kernel>=6.7<6.11.11
Linux Linux kernel>=6.12<6.12.2
Debian Debian Linux=11.0

Remediation

Information

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Patch Available

https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19

Patch Available

https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960

Patch Available

https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865

Patch Available

https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b

Patch Available

https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b

Patch Available

https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7

Patch Available

https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca

Patch Available

https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d

Patch Available

https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40

Event History

Dec 4, 2023
News Published
06:01 AM
Dec 18, 2023
News Published
02:25 AM
Jan 15, 2024
News Published
03:34 PM
Apr 29, 2024
News Published
02:29 AM
May 6, 2024
News Published
02:30 AM
May 13, 2024
News Published
02:21 AM
Jun 3, 2024
News Published
12:02 PM
Jul 1, 2024
News Published
03:35 AM
Jul 22, 2024
News Published
03:44 AM
Sep 30, 2024
News Published
03:02 AM
Nov 11, 2024
News Published
03:28 AM
Dec 27, 2024
CVE Published
via MITRE·01:49 PM
Data Sourced
via MITRE·01:49 PM
Description
Data Sourced
via Red Hat·02:05 PM
DescriptionSeverityAffected Software
Data Sourced
via NVD·02:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Feb 10, 2025
News Published
02:30 AM
Feb 28, 2025
News Published
via BleepingComputer·04:27 PM
News Published
via BleepingComputer·04:28 PM
Mar 3, 2025
News Published
03:31 AM
Mar 24, 2025
Data Sourced
via Launchpad·01:02 AM
Description
Apr 7, 2025
Data Sourced
via Android·12:00 AM
SeverityWeaknessAffected Software
News Published
via BleepingComputer·05:55 PM
Apr 9, 2025
Known Exploited
via CISA·12:00 AM
May 3, 2025
Data Sourced
via Ubuntu·01:12 AM
RemedyDescriptionSeverityAffected Software
Sep 8, 2025
News Published
via The Register·11:46 AM
News Published
via The Register·11:49 AM

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-53197?

CVE-2024-53197 has a medium severity rating due to its potential to cause out-of-bound access in certain ALSA usb-audio devices.

2

How do I fix CVE-2024-53197?

To fix CVE-2024-53197, ensure you update your Linux kernel to the latest version that includes the patch addressing this vulnerability.

3

What software is affected by CVE-2024-53197?

CVE-2024-53197 affects the Linux Kernel, specifically impacting ALSA usb-audio drivers for Extigy and Mbox devices.

4

What are the potential impacts of CVE-2024-53197?

The potential impacts of CVE-2024-53197 may include system instability or crashes due to out-of-bounds access in the affected devices.

5

When was CVE-2024-53197 reported?

CVE-2024-53197 was reported as a vulnerability in the Linux kernel affecting ALSA usb-audio functionality.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203