CVERadar

CVE-2024-53149

Severity: Medium
Platform: Linux
SVRS: 30/100
CVSSv3: 4.6/10
EPSS: 0.00032/1

CVE-2024-53149 is a Linux kernel vulnerability: an off-by-one error in the USB Type-C UCSI glink driver's connector status handling, resolved by the kernel commit "usb: typec: ucsi: glink: fix off-by-one in connector_status". The flaw affects Type-C orientation reporting, specifically for the third USB-C connector. It stems from incorrect index handling in the UCSI connector status callback, where connector indices start at 1 rather than 0.
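As an added illustration (not code from this page or from the kernel), the C below reconstructs the index-handling mistake described above: UCSI numbers connectors from 1, while the driver's per-port orientation table is a 0-based C array, so a bounds check written as if the connector number were 0-based silently drops the third connector. The `PMIC_GLINK_MAX_PORTS` value of 3 and the `port_orientation` table are assumptions modelled on the affected driver.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed constants and data, modelled on the driver but not its code:
 * UCSI connector numbers run 1..PMIC_GLINK_MAX_PORTS, the array is 0-based. */
#define PMIC_GLINK_MAX_PORTS 3

/* Constructed sample: every port has an orientation source (non-zero). */
static const int port_orientation[PMIC_GLINK_MAX_PORTS] = { 1, 1, 1 };

/* Buggy check: '<' treats the 1-based con_num as if it were 0-based, so
 * connector 3 fails the test and its orientation is never reported. */
bool status_handled_buggy(unsigned int con_num)
{
    if (con_num < PMIC_GLINK_MAX_PORTS && port_orientation[con_num - 1])
        return true;
    return false;
}

/* Fixed check: validate the 1-based connector number against its real
 * range (1..MAX) before translating it to a 0-based array index. */
bool status_handled_fixed(unsigned int con_num)
{
    if (con_num >= 1 && con_num <= PMIC_GLINK_MAX_PORTS &&
        port_orientation[con_num - 1])
        return true;
    return false;
}

/* Count how many of the connectors 1..MAX a given check actually reports. */
int count_reported(bool (*check)(unsigned int))
{
    int n = 0;
    for (unsigned int c = 1; c <= PMIC_GLINK_MAX_PORTS; c++)
        if (check(c))
            n++;
    return n;
}

int main(void)
{
    printf("buggy check reports %d of %d connectors\n",
           count_reported(status_handled_buggy), PMIC_GLINK_MAX_PORTS);
    printf("fixed check reports %d of %d connectors\n",
           count_reported(status_handled_fixed), PMIC_GLINK_MAX_PORTS);
    return 0;
}
```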

Although CVE-2024-53149 has a relatively low CVSS score of 4.6, its SOCRadar Vulnerability Risk Score (SVRS) is 30. This indicates that while the technical impact may be moderate, active exploitation and threat actor interest are lower than for vulnerabilities with higher scores. The practical risk of this bug is incorrect Type-C orientation reporting: it does not directly lead to system compromise, but inaccurate reporting could cause user confusion or operational issues on systems that depend on correct USB-C port orientation detection.

In The Wild
CVSS vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2024-12-24

2025-01-20
SOCRadar AI Insight

Description

CVE-2024-53149 affects the Linux kernel and concerns an off-by-one error in USB Type-C connector status handling. The vulnerability can lead to incorrect Type-C orientation reporting for the third USB-C connector. While the CVSS score is 0, the SVRS score of 42 indicates a potential vulnerability that requires attention.

Key Insights

  • Incorrect Orientation Reporting: The vulnerability could result in incorrect reporting of the orientation of the third USB-C connector, which may lead to issues with device compatibility and functionality.
  • Potential for Exploitation: While the CVSS score is low, the SVRS score suggests that this vulnerability could potentially be exploited, especially if combined with other vulnerabilities.
  • Limited Scope: This vulnerability primarily affects the third USB-C connector, limiting its impact to devices with multiple USB-C ports.
  • Kernel-Level Impact: The vulnerability lies within the Linux kernel, indicating the potential for system-level impact if exploited.

Mitigation Strategies

  • Kernel Updates: Immediately apply the latest Linux kernel updates to patch this vulnerability.
  • Device Configuration: Review and configure device settings related to USB-C connector usage to ensure appropriate handling.
  • Security Monitoring: Implement robust security monitoring tools to detect any unusual activity related to USB-C devices or kernel behavior.
  • User Awareness: Educate users about potential risks associated with USB-C connectors and the importance of using trusted devices and connections.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-53149 | Linux Kernel up to 6.11.10/6.12.1 glink pmic_glink_ucsi_connector_status off-by-one (Nessus ID 216493)
vuldb.com, 2025-02-21
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.11.10/6.12.1. Affected is the function pmic_glink_ucsi_connector_status of the component glink. The manipulation leads to off-by-one. This vulnerability is traded as

CVE-2024-53149 | Linux Kernel up to 6.11.10/6.12.1 glink pmic_glink_ucsi_connector_status off-by-one
vuldb.com, 2024-12-24
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.11.10/6.12.1. Affected is the function pmic_glink_ucsi_connector_status of the component glink. The manipulation leads to off-by-one. This vulnerability is traded as CVE-2024

Social Media

CVE-2024-53149 In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from … https://t.co/Ru5km84kvu

Affected Software

Configuration 1
Type  Vendor  Product
OS    Linux   linux_kernel

References

Source: 416BAAA9-DC9F-4396-8D5F-8C081FB06D67
https://git.kernel.org/stable/c/4a22918810980897393fa1776ea3877e4baf8cca
https://git.kernel.org/stable/c/6ba6f7f29e0dff47a2799e60dcd1b5c29cd811a5
https://git.kernel.org/stable/c/8a2273e5c1beb285729aa001422967b4711c53fe
https://git.kernel.org/stable/c/9a5a8b5bd72169aa7a8ec800ef57be2f2cb4d9b2

CWE Details

CWE ID: CWE-193
CWE Name: Off-by-one Error
Description: A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
