CVE-2024-53104
Published Dec 2, 2024
Last updated 4 months ago
- Description
- In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
- Products
- debian_linux, linux_kernel
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Linux Kernel Out-of-Bounds Write Vulnerability
- Exploit added on
- Feb 5, 2025
- Exploit action due
- Feb 26, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 #CISO https://t.co/UpVKSNKyLV https://t.co/sn4lHuV7zu
@compuchris
17 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
30 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Vulnerability Alert: Android Kernel USB Driver Privilege Escalation Vulnerability 📅 Timeline: Disclosure: 2024-12-02, Patch: 2025-02-06 📌 Attribution: Cellebrite 🆔 CVEID: [CVE-2024-53104](https://t.co/LscahBacaf) 📊 BaseScore: **7.8 (High 🟠)** 📏 CVSSMetrics:
@syedaquib77
21 Apr 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cellebrite Android Zero-Day Exploit PoC Released: CVE-2024-53104 - https://t.co/r8dlOG7zFA
@moton
21 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cellebrite社がAndroid端末に対してスパイウェア導入目的で使用した攻撃チェーンのPoC(攻撃の概念実証コード)が公表された。CVE-2024-53104はUSB Video Class (UVC)における権限昇格の脆弱性。 https://t.co/QdJt5xSS8g
@__kokumoto
21 Apr 2025
868 Impressions
1 Retweet
2 Likes
2 Bookmarks
0 Replies
0 Quotes
Cellebrite Android Zero-Day Exploit PoC Released: CVE-2024-53104 https://t.co/EjfA1iqwPZ
@the_yellow_fall
21 Apr 2025
3104 Impressions
22 Retweets
62 Likes
26 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2024-53104
@transilienceai
16 Mar 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
10 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
PoC Released for High-Severity Linux Kernel Vulnerability (CVE-2024-53104) https://t.co/ttd3jArFSL
@Cyberkitera
8 Mar 2025
55 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
LinuxカーネルのUVCドライバに存在する重大度高の境界外書き込み脆弱性(CVE-2024-53104)のためのPoCが公開された。この脆弱性は、不正にパースされたUVC_VS_UNDEFINEDフレームが原因でバッファサイズの誤計算を引き起こし、隣接するメモリ領域の上書きが可能となる。 https://t.co/EZF8NtCXve
@yousukezan
8 Mar 2025
791 Impressions
4 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
🔓🔥 PoC لاستغلال ثغرة الكتابة خارج الحدود في نواة Linux : CVE-2024-53104 🧐⚠️ تفاصيل الثغرة: 📌 المصدر: تنشأ الثغرة من تحليل غير صحيح لإطارات UVC_VS_UNDEFINED داخل وظيفة uvc_parse_format، مما قد يؤدي إلى حساب غير دقيق لحجم المخزن المؤقت، وبالتالي كتابة خارج حدود الذاكرة. 🛠️
@MahRabie
8 Mar 2025
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53104: Out-Of-Bounds (OOB) Write Vulnerability in the Linux Kernel https://t.co/7BlI0rtUcs Today's 1day1line is a Out-of-Bounds Write vulnerability in the uvc_parse_format function of the USB Video Class (UVC) driver, due to incorrect parsing of an undefined frame type
@hackyboiz
8 Mar 2025
3660 Impressions
11 Retweets
54 Likes
27 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2024-53104
@transilienceai
7 Mar 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
7 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
5 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Serbian activist’s Android phone was unlocked using a zero-day exploit developed by Cellebrite. This attack leveraged a vulnerability in Android USB drivers, enabling attackers to bypass lock screens. CVE-2024-53104 Read Article : https://t.co/2YcVnnvJXf https://t.co/KqhUZS
@4osp3l
4 Mar 2025
1219 Impressions
8 Retweets
36 Likes
16 Bookmarks
2 Replies
1 Quote
#Android #Vulnerability CVE-2024-53104: Critical Zero-Day Vulnerability Patched in February 2025 Android Security Update https://t.co/3XoiNYtf9i
@Komodosec
4 Mar 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
3 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Vulnerability Alert: Android Zero-Day Exploit Chain 📅 Timeline: Disclosure: 2024-02-28, Patch: 2025-02-05 📌 Attribution: Cellebrite, Serbian Police 🆔cveId: CVE-2024-53104,CVE-2024-53197,CVE-2024-50302 📊baseScore: 7.8 📏cvssMetrics:… https://t.co/rgXZ4g9u1I
@syedaquib77
28 Feb 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hello Samsung. This issue, identified as CVE-2024-53104, Is serious vulnerability. Do we have a fix for this already?
@SamsungSWUpdate
18 Feb 2025
1365 Impressions
0 Retweets
22 Likes
1 Bookmark
4 Replies
0 Quotes
CISA KEV 警告 25/02/05:Linux Kernel の脆弱性 CVE-2024-53104 を登録 https://t.co/lmrNIf2nJ5 Linux Kernel の脆弱性が、CISA KEV に登録されました。Android ユーザー向けのアップデートが提供されていますので、ご利用のチームは、ご確認ください。 #CISAKEV #CVE202453104 #CyberAttack… https://t.co/wbyZOahbkk
@iototsecnews
14 Feb 2025
122 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
13 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Android Kernel のゼロデイ CVE-2024-53104 などが FIX:48 件の脆弱性を修正 https://t.co/em91iYZHsF Android の 48件の脆弱性が FIX しました。ゼロデイ脆弱性 CVE-2024-53104 も含まれています。アップデートを忘れないよう、お気をつけください。 #Android #CVE202443047 #CVE202443093… https://t.co/nfGhVQZv8Q
@iototsecnews
13 Feb 2025
65 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
10 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#CISA has ordered federal agencies to #secure their systems within three weeks against a high-severity Linux kernel flaw (CVE-2024-53104) actively exploited in #cyberattacks. #Cybersecurity #infosec https://t.co/4IsNVDbcqp https://t.co/zgL3GZZBkV
@twelvesec
9 Feb 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
9 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
9 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Google lança correção para falha zero-day no kernel do Android🚨 O Google corrigiu a vulnerabilidade CVE-2024-53104 no kernel do Android, que permitia a elevação de privilégios por agentes mal-intencionados. A correção está nas atualizações de segurança de fevereiro de 2025. h
@ralph_maxi
8 Feb 2025
109 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
اهمیت بهروزرسانیهای امنیتی اندروید در دنیای دیجیتالی امروز، امنیت اطلاعات کاربران یکی از اولویتهای اصلی است. اخیراً، گوگل در فوریه ۲۰۲۵ یک آسیبپذیری روز صفر (Zero-Day) با شناسه CVE-2024-53104 را شناسایی کرده است که به مهاجمان اجازه میدهد تا با سوءاستفاده از این نقص در هسته…
@united4iran
7 Feb 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Happy Friday! This week, we’re highlighting an urgent warning from the U.S. Department of Homeland Security regarding a critical #Linux kernel zero-day vulnerability, CVE-2024-53104. While federal agencies are required to patch within three weeks, CISA strongly urges all… https:/
@vali_cyber
7 Feb 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has released critical security patches addressing 48 vulnerabilities, including a high-risk Android kernel zero-day (CVE-2024-53104) affecting USB Video Class drivers. This flaw can lead to memory corruption and arbitrary code execution.
@maxiujun
7 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 @Google's February 2025 @Android security update is here, patching 46 vulnerabilities - including a critical Linux kernel bug (CVE-2024-53104) that is actively being exploited in the wild. Time to update your device! 📲 #AndroidSecurity #Cybersecurity 🚨
@Eth1calHackrZ
7 Feb 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
7 Feb 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-53104 is now in CISA's KEV. This is a central point around nanos unikernels - why even have this code if you're deploying to a fake virtual machine (eg: the cloud). Where are you going to stick the USB!? https://t.co/SQ0ySlQXlk
@nanovms
6 Feb 2025
145 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
📱Actualiza siempre Es PRIMORDIAL, que tus dispositivos y aplicaciones estén siempre actualizados Recientemente se ha encontrado una vulnerabilidad en Android (CVE-2024-53104) que afecta el núcleo de Linux y podría haber sido explotada por herramientas forenses para extracción…
@StarkPrivacy
6 Feb 2025
5488 Impressions
28 Retweets
96 Likes
15 Bookmarks
2 Replies
0 Quotes
🚨 #CVE-2024-53104: #Linux Kernel Vulnerability and Its Implications for Cybersecurity https://t.co/bHtdKdeWsV
@UndercodeNews
6 Feb 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical warning for Linux users: CISA has confirmed active exploitation of a zero-day kernel vulnerability (CVE-2024-53104). Organizations must patch within three weeks to avoid severe risks. Take immediate action to safeguard your systems and prevent potential attacks. https://
@neoupdate_
6 Feb 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
На Android виявлено небезпечну вразливість нульового дня. #новини #uazmi #технології Google попереджає користувачів, зокрема власників Galaxy S25 та S24, про критичну вразливість Android. За даними Forbes, проблема (CVE-2024-53104) може використовуватися зловмисниками для… http
@uazminews
6 Feb 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53104 The vulnerability CVE-2024-53104 refers to a security flaw in the #Android kernel that allows an elevation of privilege. This specific vulnerability is located in the kernel's USB Video Class driver, allowing an authenticated, local attacker to perform out of… http
@koodous_project
6 Feb 2025
148 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑Android & Netgearの脆弱性に注意🛑 📱Googleが2月のアップデートでUSB経由で乗っ取られる恐れのある脆弱性 CVE-2024-53104 を修正。 📶Netgearもルーターの脆弱性を修正。リモートで乗っ取られる恐れあり。今すぐアップデートを! 🔗https://t.co/PkUtXUmIis #セキュリティ #脆弱性 #対策 https://t.co/V0nAabPjaw
@stonebeatsec
6 Feb 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。 🛡️No.1258 CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability ============= CVSSスコア:7.8 (Base) / CISA-ADP CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 種別:境界外書き込み(CWE-787 / CISA-ADP)… https://t.co/69Ged2R5O8
@piyokango
6 Feb 2025
4548 Impressions
2 Retweets
16 Likes
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
6 Feb 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA has ordered U.S. federal agencies to patch the critical Linux kernel vulnerability (CVE-2024-53104) by Feb 26, 2025, amid active exploitation. Affects Linux & Android devices. 🔒🐧 #LinuxPatch #CISA #USA link: https://t.co/ri17ok1eOG https://t.co/f825yTkrLu
@TweetThreatNews
5 Feb 2025
31 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 #CISO https://t.co/bfnuIIqZKP https://t.co/7yY9Ua4lgB
@compuchris
5 Feb 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
تیم امنیتی اندروید برای ۴۷ آسیب پذیری در این سیستم عامل ، پچ جدیدی را منتشر نموده. یکی از مهمترین آسیب پذیری ها مربوط به یکی از درایور های کرنل لینوکس با نام USB Video Class می باشد که دارای کد شناسایی CVE-2024-53104 بوده و امکان اجرای کد یا RCE را می دهد. https://t.co/Poz3aKY03t
@AmirHossein_sec
5 Feb 2025
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔒 Android Security Update – Feb 2025 🔒 Google patches 46 flaws, including CVE-2024-53104, a Linux kernel bug exploited in targeted attacks, possibly by forensic tools. Update to 2025-02-05 for full security fixes. Wear OS gets 1 fix, none for Android Auto. 📱 Details: 🔗… htt
@dCypherIO
5 Feb 2025
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Urgent Android update! Google released Feb security patch with a zero-day exploit (CVE-2024-53104) being targeted. Update your phone immediately when available. Includes critical fixes and Play Protect enhancements. Rollout depends on manufacturer/carrier. https://t.co/FvwuOWZ1Z0
@Jfreeg_
5 Feb 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Android Security Alert: New USB vulnerability (CVE-2024-53104) under active exploitation allows device takeover through malicious USB connections. Key actions: ✅ Update Android now ✅ Avoid unknown USB devices ✅ Use trusted charging only Details on kernel… https
@cipherprojects
5 Feb 2025
84 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 - https://t.co/8QmfbnlKh0 #thn #infosec
@mwyres
4 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has fixed a previously unknown vulnerability, CVE-2024-53104, in Android related to the Linux kernel. It may have been exploited by forensic data extraction tools used by law enforcement. The fix is included in the "2025-02-05" security patch. #Android #Security #Privacy
@ProgresiveRobot
4 Feb 2025
64 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D54A7F-73FB-4CC5-AA42-317A87945790",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9952C897-8A61-4D4B-9D6D-7D063E9EA15E",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF5B32D0-72C9-41C3-A0BB-D4946153C134",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "822EAD12-FA29-4559-BAC2-8AEFC53F6D37",
"versionEndExcluding": "6.12.1",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]