0.0
NA
CVE-2024-53197
ALSA USB Audio out-of-bound Array Access Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.

INFO

Published Date :

Dec. 27, 2024, 2:15 p.m.

Last Modified :

Dec. 27, 2024, 2:15 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Affected Products

The following products are affected by CVE-2024-53197 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-53197.

URL Resource
https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19
https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960
https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865
https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b
https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b
https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7
https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca
https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d
https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-53197 vulnerability anywhere in the article.

  • Dark Reading
Serbian Police Hack Protester's Phone With Cellebrite Exploit Chain

Source: Dejan Krsmanovic via Alamy Stock PhotoSerbian law enforcement officials are using a Cellebrite mobile "information extraction" product in tandem with an exploit chain to target dissidents, inc ... Read more

Published Date: Mar 04, 2025 (4 days, 23 hours ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302
  • Cyber Security News
Google Warns of Two Critical Android Vulnerabilities Under Attack – Update Now!

Google has issued an urgent security alert for CVE-2024-43093 and CVE-2024-50302, two critical Android vulnerabilities actively exploited in coordinated attacks targeting devices running Android 12 th ... Read more

Published Date: Mar 04, 2025 (5 days, 12 hours ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302 CVE-2024-43093
  • The Hacker News
Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities

Vulnerability / Mobile Security Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exp ... Read more

Published Date: Mar 04, 2025 (5 days, 16 hours ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302 CVE-2024-43093
  • Cyber Security News
U.S. Halts Cyber Operations Targeting Russia

The United States has paused offensive cyber operations against Russia under an order from Defense Secretary Pete Hegseth, causing debates over geopolitical strategy and domestic cybersecurity priorit ... Read more

Published Date: Mar 03, 2025 (6 days, 8 hours ago)
CVE-2024-53197 CVE-2024-53104
  • The Register
US Cyber Command reportedly pauses cyberattacks on Russia

Infosec In Brief US Defense Secretary Pete Hegseth has reportedly ordered US Cyber Command to pause offensive operations against Russia, as the USA’s Cybersecurity and Infrastructure Security Agency ( ... Read more

Published Date: Mar 03, 2025 (6 days, 17 hours ago)
CVE-2024-57026 CVE-2025-20059 CVE-2024-12284 CVE-2024-53197 CVE-2024-53104 CVE-2024-50302
  • Cybersecurity News
Cellebrite Spyware Bypasses Android Lock Screens with Zero-Day Flaws

Israeli digital intelligence company Cellebrite offers intelligence gathering and forensic review services to its clients. Additionally, the company provides certain undisclosed zero-day vulnerabiliti ... Read more

Published Date: Mar 02, 2025 (1 week ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-53675 CVE-2024-50302
  • security.nl
Amnesty: Cellebrite gebruikte Android usb-lek voor ontgrendelen telefoons

Ontwikkelaar van forensische software Cellebrite heeft drie kwetsbaarheden in de usb-kerneldrivers van Android gebruikt voor het ontgrendelen van vergrendelde telefoons, zo meldt mensenrechtenorganisa ... Read more

Published Date: Mar 01, 2025 (1 week, 1 day ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302
  • Cyber Security News
Android Phone’s Unlocked Using Cellebrite’s Linux USB Zero-day Exploit

Amnesty International’s Security Lab has uncovered a sophisticated cyber-espionage campaign in Serbia, where authorities used a zero-day exploit chain developed by Cellebrite to unlock the Android pho ... Read more

Published Date: Mar 01, 2025 (1 week, 1 day ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302
  • The Hacker News
Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone

Mobile Security / Zero-Day A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amne ... Read more

Published Date: Feb 28, 2025 (1 week, 2 days ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302 CVE-2018-0171
  • BleepingComputer
Serbian police used Cellebrite zero-day hack to unlock Android phones

Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. Cellebrite ... Read more

Published Date: Feb 28, 2025 (1 week, 2 days ago)
CVE-2025-24200 CVE-2024-53197 CVE-2024-53104 CVE-2024-50302 CVE-2024-29748 CVE-2024-29745

The following table lists the changes that have been made to the CVE-2024-53197 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 27, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.
    Added Reference https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19
    Added Reference https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960
    Added Reference https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865
    Added Reference https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b
    Added Reference https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b
    Added Reference https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7
    Added Reference https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca
    Added Reference https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d
    Added Reference https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-53197 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-53197 weaknesses.

NONE - Vulnerability Scoring System
: