CVE-2024-53197
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config.
This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0b4ea4bfe16566b84645ded1403756a2dc4e0f19 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9b8460a2a7ce478e0b625af7c56d444dc24190f7 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 62dc01c83fa71e10446ee4c31e0e3d5d1291e865 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9887d859cd60727432a01564e8f91302d361b72b | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 920a369a9f014f10ec282fd298d0666129379f1b | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b8f8b81dabe52b413fe9e062e8a852c48dd0680d | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 379d3b9799d9da953391e973b934764f01e03960 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b909df18ce2a998afef81d58bbd1a05dc0788c40 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 4.19.325 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.287 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.231 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.174 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.120 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.64 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.11 <= 6.11.* | unaffected |
| Linux | Linux | 6.12.2 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
References
- https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19
- https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7
- https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865
- https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b
- https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b
- https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d
- https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960
- https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca
- https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.