CVE-2024-53197

Published Dec 27, 2024

Last updated 7 months ago

Exploit knownCVSS high 7.8
Linux Kernel
Ubuntu
Server
Mobile device

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-53197 is a privilege escalation vulnerability found in the USB sub-component of the Linux kernel. It stems from improper handling of the `bNumConfigurations` value in the ALSA USB audio subsystem, which can lead to out-of-bounds memory accesses. This vulnerability could allow an attacker with physical access to the system, through a malicious USB device, to manipulate system memory, potentially escalating privileges or executing arbitrary code. It has been identified as being exploited in targeted attacks, including being part of an exploit chain used to compromise an Android phone in December 2024.

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Analyzed
Products
linux_kernel, debian_linux

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Linux Kernel Out-of-Bounds Access Vulnerability
Exploit added on
Apr 9, 2025
Exploit action due
Apr 30, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-787

Social media

Hype score
Not currently trending

  1. #Vulnerability #Androidsecurity CISA Warns of Actively Exploited Linux Kernel Vulnerabilities (CVE-2024-53197, CVE-2024-53150) https://t.co/OzrVJPcCH0

    @Komodosec

    20 Jun 2025

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 2. Android Cihazlarda İki Zero-Day Açığı (CVE-2024-53150 & CVE-2024-53197) Google, Nisan 2025 güvenlik güncellemesi kapsamında Android cihazlarda iki kritik sıfır gün açığını gidermiştir: •CVE-2024-53150: Kullanıcı etkileşimi olmadan hassas bilgilere yet

    @MuratDemirtas

    26 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️ Google Patches Two Actively Exploited Android Zero-Day Vulnerabilities https://t.co/w5TTG3JTLc Google has patched 62 Android vulnerabilities, including two zero-days (CVE-2024-53197 and CVE-2024-53150) under active exploitation that allow privilege escalation and

    @Huntio

    16 Apr 2025

    573 Impressions

    4 Retweets

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Heads up: CISA added two significant Linux kernel vulnerabilities to its KEV catalog, confirming both flaws are being actively weaponized in targeted attacks: • CVE-2024-53197 • CVE-2024-53150 @The_Cyber_News has more. 👇 https://t.co/8cwQqhztnU

    @AlmaLinux

    16 Apr 2025

    403 Impressions

    3 Retweets

    13 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Google Sécurité, confirmation d’une exploitation active des failles Android CVE-2024-53150 et CVE-2024-53197. https://t.co/QF06wKfW5j

    @NicolasCoolman

    13 Apr 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🛡️ We added Linux Kernel vulnerabilities CVE-2024-53197 & CVE-2024-53150 to our Known Exploited Vulnerabilities Catalog. Apply mitigations to protect your org from cyberattacks. #InfoSec https://t.co/ROBXiTLbxH

    @GlobalCyberCom

    10 Apr 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CISA has added Linux kernel vulnerabilities CVE-2024-53197 and CVE-2024-53150 to its KEV catalog, warning of active exploitation. Learn how these flaws are used in Android device exploits and what steps to take. https://t.co/o9wzJFdW8n

    @the_yellow_fall

    10 Apr 2025

    76 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🔨WhatsApp、リモートコード実行を容易にする脆弱性を修正(CVE-2025-30401) 📱GoogleがAndroidのゼロデイ脆弱性2件を修正、悪用された可能性についても言及(CVE-2024-53197、CVE-2024-53150) 〜サイバーアラート 4月9日〜 https://t.co/ohAKKImzR7 #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    9 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Google has patched two active Android zero-day vulnerabilities CVE-2024-53197 & CVE-2024-53150 being exploited without user interaction. One flaw was used to unlock a student activist's device to install spyware. Patches are available for Android 13-15, but device-specific ht

    @CareWeDoNot

    8 Apr 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Android Security Alert: Google’s April 2025 update patches 62 flaws, incl. 2 zero-days (CVE-2024-53150 & CVE-2024-53197) actively exploited in the wild. Update to patch level 2025-04-01 or later ASAP. #Android #CyberSecurity #PatchNow https://t.co/veLmeXmMOz

    @CloneSystemsInc

    8 Apr 2025

    82 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Google’s April Android update patches 62 flaws—2 are actively exploited! CVE-2024-53150 & CVE-2024-53197 affect Linux kernel USB, used in real-world attacks. Update ASAP to stay secure. https://t.co/wJIraDfvKm #Android #ZeroDay #CyberSecurity #Google #PatchNow

    @dCypherIO

    8 Apr 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Google's April 2025 Android update addresses critical kernel vulnerabilities (CVE-2024-53150, CVE-2024-53197) exploited in attacks. Protect devices with this vital security patch! 🔒📱 #AndroidSecurity #CyberAlerts #USA link: https://t.co/Sj6TbBEPhF https://t.co/BUrqUBA81Q

    @TweetThreatNews

    8 Apr 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Google has patched 62 vulnerabilities, including two high-severity flaws (CVE-2024-53150 and CVE-2024-53197) actively exploited in the wild. Update Android devices to ensure security! 🔒 #AndroidUpdate #Vulnerabilities #USA link: https://t.co/6dPXMnccMW https://t.co/HLzOsni16n

    @TweetThreatNews

    8 Apr 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Android Zero-Days Patched Google’s April 2025 update fixes 62 vulns, including 2 actively exploited flaws in the USB kernel component: CVE-2024-53150 Info leak CVE-2024-53197 Privilege escalation 🔒 Part of a known exploit chain used in real-world attacks. https://t.co

    @CareWeDoNot

    8 Apr 2025

    77 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 📢 CiberSeguridad en menos de 5 minutos 📱 Google corrige dos 0-day en Android – CVE-2024-53197 y CVE-2024-53150, una usada por Cellebrite, permiten escalada de privilegios y lectura fuera de límites en el kernel. 🧩 Extensiones maliciosas en VSCode – Más de 300K instalaciones h

    @Seifreed

    8 Apr 2025

    3029 Impressions

    18 Retweets

    111 Likes

    19 Bookmarks

    1 Reply

    1 Quote

  16. 🔥 Google patches 62 security flaws — but 2 were already exploited in the wild. One (CVE-2024-53197) helped hackers break into a Serbian activist’s phone in Dec 2024. 👀 Zero user interaction. Remote takeover. Full story → https://t.co/F1HiWAqbhR

    @TheHackersNews

    8 Apr 2025

    14009 Impressions

    77 Retweets

    140 Likes

    21 Bookmarks

    2 Replies

    1 Quote

  17. Android corregge due zero-day usati da Cellebrite e chiude oltre 60 vulnerabilità critiche Sicurezza Informatica, Android, Android Pixel, cellebrite, CVE-2024-53150, CVE-2024-53197, escalation privilegi, exploit, kernel, NoviSpy, patch, Serbia, usb, vuln… https://t.co/ZTpZ0l37PK

    @matricedigitale

    7 Apr 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. ⚠️ Vulnerability Alert: Android Zero-Day Exploit Chain 📅 Timeline: Disclosure: 2024-02-28, Patch: 2025-02-05 📌 Attribution: Cellebrite, Serbian Police 🆔cveId: CVE-2024-53104,CVE-2024-53197,CVE-2024-50302 📊baseScore: 7.8 📏cvssMetrics:… https://t.co/rgXZ4g9u1I

    @syedaquib77

    28 Feb 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.CVE-2026-45447
  2. Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.CVE-2026-49975
  3. Check Point Security Gateway Improper Authentication VulnerabilityCVE-2026-50751
  4. In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stopping all traffic until manually reset. Implement ndo_features_check to disable GSO for packets with small MSS values. The network stack will perform software segmentation instead. The 224-byte minimum matches ibmvnic commit <f10b09ef687f> ("ibmvnic: Enforce stronger sanity checks on GSO packets") which uses the same physical adapters in SEA configurations. The issue occurs specifically when the hardware attempts to perform segmentation (gso_segs > 1) with a small MSS. Single-segment GSO packets (gso_segs == 1) do not trigger the problematic LSO code path and are transmitted normally without segmentation. Add an ndo_features_check callback to disable GSO when MSS < 224 bytes. Also call vlan_features_check() to ensure proper handling of VLAN packets, particularly QinQ (802.1ad) configurations where the hardware parser may not support certain offload features. Validated using iptables to force small MSS values. Without the fix, the adapter freezes. With the fix, packets are segmented in software and transmission succeeds. Comprehensive regression testing completedd (MSS tests, performance, stability).CVE-2026-46273
  5. In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARN_ON() in tmc_etr_enable_hw() is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at drivers/hwtracing/coresight/coresight-tmc-etr.c:1060 tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] [..snip..] Call trace: tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] (P) tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] (L) tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] coresight_enable_path+0x1c8/0x218 [coresight] coresight_enable_sysfs+0xa4/0x228 [coresight] enable_source_store+0x58/0xa8 [coresight] dev_attr_store+0x20/0x40 sysfs_kf_write+0x4c/0x68 kernfs_fop_write_iter+0x120/0x1b8 vfs_write+0x2c8/0x388 ksys_write+0x74/0x108 __arm64_sys_write+0x24/0x38 el0_svc_common.constprop.0+0x64/0x148 do_el0_svc+0x24/0x38 el0_svc+0x3c/0x130 el0t_64_sync_handler+0xc8/0xd0 el0t_64_sync+0x1ac/0x1b0 ---[ end trace 0000000000000000 ]--- Since the enablement of sysfs mode is separeted into two critical regions, one for sysfs buffer allocation and another for hardware enablement, it's possible to race with the perf mode. Fix this by double check whether the perf mode's been used before enabling the hardware in sysfs mode. mode: [sysfs mode] [perf mode] tmc_etr_get_sysfs_buffer() spin_lock(&drvdata->spinlock) [sysfs buffer allocation] spin_unlock(&drvdata->spinlock) spin_lock(&drvdata->spinlock) tmc_etr_enable_hw() drvdata->etr_buf = etr_perf->etr_buf spin_unlock(&drvdata->spinlock) spin_lock(&drvdata->spinlock) tmc_etr_enable_hw() WARN_ON(drvdata->etr_buf) // WARN sicne etr_buf initialized at the perf side spin_unlock(&drvdata->spinlock) With this fix, we retain the check for CS_MODE_PERF in get_etr_sysfs_buf. This ensures we verify whether the perf mode's already running before we actually allocate the buffer. Then we can save the time of allocating/freeing the sysfs buffer if race with the perf mode.CVE-2026-46272

References

Sources include official advisories and independent security research.