Known Exploited Vulnerability
7.8
HIGH
CVE-2024-53197
Linux Kernel Out-of-Bounds Access Vulnerability - [Actively Exploited]
Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.

INFO

Published Date :

Dec. 27, 2024, 2:15 p.m.

Last Modified :

April 10, 2025, 3:37 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes :

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024122725-CVE-2024-53197-6aef@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53197

Public PoC/Exploit Available at Github

CVE-2024-53197 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-53197 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-53197.

URL Resource
https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19 Patch
https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960 Patch
https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865 Patch
https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b Patch
https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b Patch
https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7 Patch
https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca Patch
https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d Patch
https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40 Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
CryptoGenNepal/CVE-KEV-RSS

CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild and CryptoGen Nepal aims to simplify this for the general public in a more understandable way as well as in a format that can be easily integrated into their threat intelligence systems.

cve json rss cgn cisa kev

Python HTML

Updated: 4 days, 20 hours ago
0 stars 0 fork 0 watcher
Born at : Feb. 16, 2025, 5:21 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
xairy/linux-kernel-exploitation

A collection of links related to Linux kernel security and exploitation

linux-kernel kernel-exploitation exploit privilege-escalation security

Updated: 1 day, 16 hours ago
5881 stars 937 fork 937 watcher
Born at : Nov. 13, 2016, 10:21 p.m. This repo has been linked 280 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-53197 vulnerability anywhere in the article.

  • The Hacker News
⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Attackers aren't waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched ... Read more

Published Date: Apr 14, 2025 (19 hours, 37 minutes ago)
CVE-2025-3439 CVE-2025-31565 CVE-2025-2636 CVE-2025-3102 CVE-2025-29824 CVE-2024-48887 CVE-2024-11859 CVE-2025-30401 CVE-2025-2244 CVE-2025-30406 ...+10 more CVE
  • Daily CyberSecurity
Critical Vulnerability (CVE-2025-31498) Patched in c-ares DNS Library

The Domain Name System (DNS) plays a pivotal role, translating human-friendly domain names into the numerical IP addresses that computers understand. And at the heart of many applications facilitating ... Read more

Published Date: Apr 11, 2025 (4 days, 6 hours ago)
CVE-2024-12556 CVE-2025-32406 CVE-2025-31498 CVE-2025-30406 CVE-2025-20115 CVE-2024-43707 CVE-2024-53197 CVE-2024-53150 CVE-2024-37144 CVE-2024-37143 ...+9 more CVE
  • Cyber Security News
CISA Warns of Linux USB-Audio Driver Out-of-Bounds Vulnerability Exploited in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has added two significant Linux kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog yesterday, confirming both flaws ... Read more

Published Date: Apr 10, 2025 (4 days, 22 hours ago)
CVE-2024-53197 CVE-2024-53150 CVE-2024-53104
  • TheCyberThrone
CISA adds Two Linux Kernel bugs to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Linux kernel vulnerabilities, CVE-2024-53150 and CVE-2024-53197, to its Known Exploited Vulnerabilities (KEV) Catalog ... Read more

Published Date: Apr 10, 2025 (5 days, 3 hours ago)
CVE-2024-53197 CVE-2024-53150 CVE-2024-53104 CVE-2024-50302
  • Daily CyberSecurity
CISA Warns of Actively Exploited Linux Kernel Vulnerabilities (CVE-2024-53197, CVE-2024-53150)

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning after adding two newly discovered Linux kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, co ... Read more

Published Date: Apr 10, 2025 (5 days, 4 hours ago)
CVE-2024-12556 CVE-2025-32406 CVE-2025-30406 CVE-2025-20115 CVE-2024-43707 CVE-2024-53197 CVE-2024-53150 CVE-2024-37144 CVE-2024-37143 CVE-2024-53104 ...+8 more CVE
  • Dark Reading
2 Android Zero-Day Bugs Under Active Exploit

Source: Yuen Man Cheung via Alamy Stock PhotoNEWS BRIEFGoogle has patched 62 vulnerabilities in Android, including two zero-days that are actively being exploited in attacks, tracked as CVE-2024-53197 ... Read more

Published Date: Apr 08, 2025 (6 days, 12 hours ago)
CVE-2024-53197 CVE-2024-53150 CVE-2024-53104 CVE-2024-50302
  • TheCyberThrone
Google Android Security Update April 2025

The April 2025 Android security update is a comprehensive effort by Google to enhance the security of Android devices worldwide. By addressing 62 vulnerabilities, including two actively exploited zero ... Read more

Published Date: Apr 08, 2025 (6 days, 15 hours ago)
CVE-2025-20156 CVE-2024-53197 CVE-2024-53150 CVE-2024-53104 CVE-2024-50302
  • Cyber Security News
Google Patched Android 0-Day Vulnerability Exploited in the Wild

Google has released its April 2025 Android Security Bulletin, addressing numerous critical vulnerabilities including two zero-day flaws actively exploited in targeted attacks. This marks the third con ... Read more

Published Date: Apr 08, 2025 (6 days, 20 hours ago)
CVE-2024-53197 CVE-2024-53150
  • The Hacker News
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

Mobile Security / Vulnerability Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE-20 ... Read more

Published Date: Apr 08, 2025 (1 week ago)
CVE-2024-53197 CVE-2024-53150 CVE-2024-53104 CVE-2024-50302
  • BleepingComputer
Google fixes Android zero-days exploited in attacks, 60 other flaws

Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks. One of the zero-days, a high-severity privilege escal ... Read more

Published Date: Apr 07, 2025 (1 week ago)
CVE-2024-53197 CVE-2024-53150 CVE-2024-53104 CVE-2024-50302 CVE-2024-43047
  • Dark Reading
Serbian Police Hack Protester's Phone With Cellebrite Exploit Chain

Source: Dejan Krsmanovic via Alamy Stock PhotoSerbian law enforcement officials are using a Cellebrite mobile "information extraction" product in tandem with an exploit chain to target dissidents, inc ... Read more

Published Date: Mar 04, 2025 (1 month, 1 week ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302
  • Cyber Security News
Google Warns of Two Critical Android Vulnerabilities Under Attack – Update Now!

Google has issued an urgent security alert for CVE-2024-43093 and CVE-2024-50302, two critical Android vulnerabilities actively exploited in coordinated attacks targeting devices running Android 12 th ... Read more

Published Date: Mar 04, 2025 (1 month, 1 week ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302 CVE-2024-43093
  • The Hacker News
Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities

Vulnerability / Mobile Security Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exp ... Read more

Published Date: Mar 04, 2025 (1 month, 1 week ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302 CVE-2024-43093
  • Cyber Security News
U.S. Halts Cyber Operations Targeting Russia

The United States has paused offensive cyber operations against Russia under an order from Defense Secretary Pete Hegseth, causing debates over geopolitical strategy and domestic cybersecurity priorit ... Read more

Published Date: Mar 03, 2025 (1 month, 1 week ago)
CVE-2024-53197 CVE-2024-53104
  • The Register
US Cyber Command reportedly pauses cyberattacks on Russia

Infosec In Brief US Defense Secretary Pete Hegseth has reportedly ordered US Cyber Command to pause offensive operations against Russia, as the USA’s Cybersecurity and Infrastructure Security Agency ( ... Read more

Published Date: Mar 03, 2025 (1 month, 1 week ago)
CVE-2024-57026 CVE-2025-20059 CVE-2024-12284 CVE-2024-53197 CVE-2024-53104 CVE-2024-50302
  • Cybersecurity News
Cellebrite Spyware Bypasses Android Lock Screens with Zero-Day Flaws

Israeli digital intelligence company Cellebrite offers intelligence gathering and forensic review services to its clients. Additionally, the company provides certain undisclosed zero-day vulnerabiliti ... Read more

Published Date: Mar 02, 2025 (1 month, 1 week ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-53675 CVE-2024-50302
  • security.nl
Amnesty: Cellebrite gebruikte Android usb-lek voor ontgrendelen telefoons

Ontwikkelaar van forensische software Cellebrite heeft drie kwetsbaarheden in de usb-kerneldrivers van Android gebruikt voor het ontgrendelen van vergrendelde telefoons, zo meldt mensenrechtenorganisa ... Read more

Published Date: Mar 01, 2025 (1 month, 1 week ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302
  • Cyber Security News
Android Phone’s Unlocked Using Cellebrite’s Linux USB Zero-day Exploit

Amnesty International’s Security Lab has uncovered a sophisticated cyber-espionage campaign in Serbia, where authorities used a zero-day exploit chain developed by Cellebrite to unlock the Android pho ... Read more

Published Date: Mar 01, 2025 (1 month, 2 weeks ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302
  • The Hacker News
Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone

Mobile Security / Zero-Day A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amne ... Read more

Published Date: Feb 28, 2025 (1 month, 2 weeks ago)
CVE-2024-53197 CVE-2024-53104 CVE-2024-50302 CVE-2018-0171
  • BleepingComputer
Serbian police used Cellebrite zero-day hack to unlock Android phones

Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. Cellebrite ... Read more

Published Date: Feb 28, 2025 (1 month, 2 weeks ago)
CVE-2025-24200 CVE-2024-53197 CVE-2024-53104 CVE-2024-50302 CVE-2024-29748 CVE-2024-29745

The following table lists the changes that have been made to the CVE-2024-53197 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Apr. 10, 2025

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.12 up to (excluding) 6.12.2 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.12 up to (excluding) 4.19.325 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.11.11 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.120 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.174 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.231 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.287 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.64
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40 Types: Patch
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Apr. 10, 2025

    Action Type Old Value New Value
    Added Date Added 2025-04-09
    Added Due Date 2025-04-30
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Linux Kernel Out-of-Bounds Access Vulnerability
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Apr. 07, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-787
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 27, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.
    Added Reference https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19
    Added Reference https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960
    Added Reference https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865
    Added Reference https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b
    Added Reference https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b
    Added Reference https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7
    Added Reference https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca
    Added Reference https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d
    Added Reference https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-53197 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-53197 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: