CVERadar

CVE-2024-53197

Critical Severity
SVRS: 75/100
CVSSv3: 7.8/10
EPSS: 0.00284/1

CVE-2024-53197 is a critical vulnerability in the Linux kernel's ALSA usb-audio subsystem. This out-of-bounds access issue, specifically affecting Extigy and Mbox devices, arises when a malicious device provides a crafted bNumConfigurations value, leading to memory corruption. Although the CVSS score is 7.8, the SOCRadar Vulnerability Risk Score (SVRS) of 75 indicates a significant threat level, nearing criticality. The vulnerability can be triggered by connecting a malicious USB device. Given that active exploits are available and it is tagged "In The Wild" and "CISA KEV", immediate patching is highly recommended to prevent potential system instability or arbitrary code execution. Failing to address this can lead to serious security incidents.

In The Wild | CISA KEV | Exploit Available
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-12-27

2025-04-10
SOCRadar AI Insight

Description

CVE-2024-53197 is a vulnerability in the Linux kernel's ALSA (Advanced Linux Sound Architecture) subsystem, specifically within the usb-audio driver. A maliciously crafted USB audio device can provide an invalid bNumConfigurations value, leading to out-of-bounds memory access when the kernel attempts to allocate memory for device configurations. The SOCRadar Vulnerability Risk Score (SVRS) for this CVE is 64, indicating a moderate level of risk that warrants attention and patching but is not immediately critical.

Key Insights

  1. Memory Corruption Risk: The vulnerability enables an attacker to cause memory corruption in the Linux kernel by providing a malformed USB device configuration. This can potentially lead to denial of service (DoS) or, in more sophisticated attacks, kernel-level code execution.

  2. USB Device Attack Vector: The attack vector is the connection of a malicious USB audio device. Systems that accept arbitrary USB connections, such as publicly accessible computers or servers where users can plug in their own devices, are at higher risk.

  3. ALSA Subsystem Focus: The vulnerability is specific to the ALSA usb-audio driver. Systems not utilizing the ALSA subsystem or with alternative audio configurations may be less susceptible, though the underlying USB handling logic may present similar vulnerabilities elsewhere.

Mitigation Strategies

  1. Kernel Patching: Apply the latest security patches provided by the Linux kernel maintainers. This is the most direct and effective way to address the vulnerability. Ensure systems are regularly updated with security fixes.

  2. USB Device Monitoring and Restrictions: Implement policies to restrict the use of untrusted USB devices, especially on critical systems. Consider using USB device whitelisting or monitoring tools to detect and prevent the connection of unauthorized devices.

  3. ALSA Configuration Review: Examine ALSA configurations to ensure only necessary audio devices and drivers are enabled. Disabling the usb-audio driver entirely if it's not required can mitigate the risk.
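
A way to verify mitigation 3 on a host, as an added example (not part of the original page or any vendor tooling). It assumes the driver's module name is snd-usb-audio (listed as snd_usb_audio in /proc/modules) and modprobe.d-style configuration; the function name and status strings are illustrative.

```shell
#!/bin/sh
# Added example: report whether the usb-audio driver can still be loaded.
# Assumptions: module name snd-usb-audio (snd_usb_audio in /proc/modules)
# and modprobe.d-style configuration directories.

# usb_audio_status MODULES_FILE CONF_DIR...
# Prints one of: loaded | install-blocked | blacklisted | loadable
usb_audio_status() {
    modules_file=$1; shift
    # modprobe treats '-' and '_' in module names as equivalent.
    name='snd[-_]usb[-_]audio'

    # 1. Driver already loaded: modprobe.d rules do not unload it.
    if grep -Eq "^snd_usb_audio[[:space:]]" "$modules_file" 2>/dev/null; then
        echo loaded; return 0
    fi

    status=loadable
    for dir in "$@"; do
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            # 2. 'install <mod> /bin/false|true' blocks explicit and hotplug loads.
            if grep -Eq "^[[:space:]]*install[[:space:]]+$name[[:space:]]+/(usr/)?bin/(false|true)([[:space:]]|\$)" "$conf"; then
                echo install-blocked; return 0
            fi
            # 3. 'blacklist <mod>' only stops alias-based (hotplug) autoloading;
            #    an explicit modprobe of the module still succeeds.
            if grep -Eq "^[[:space:]]*blacklist[[:space:]]+$name([[:space:]]|\$)" "$conf"; then
                status=blacklisted
            fi
        done
    done
    echo "$status"
}

# Check the live system when invoked as: sh script.sh check
if [ "${1:-}" = check ]; then
    usb_audio_status /proc/modules /etc/modprobe.d /usr/lib/modprobe.d /run/modprobe.d
fi
```

A driver compiled into the kernel does not appear in /proc/modules and is not affected by modprobe.d rules, so this check does not cover kernels with usb-audio built in.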


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Linux Kernel Out-of-Bounds Access Vulnerability | https://www.cisa.gov/search?g=CVE-2024-53197 | 2025-04-09

News

USN-7459-2: Linux kernel (GCP) vulnerabilities
2025-04-28
USN-7459-2: Linux kernel (GCP) vulnerabilities | Jann Horn discovered that the watch_queue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or escalate their privileges. (CVE-2022-0995) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic
ubuntu.com
USN-7468-1: Linux kernel (Azure, N-Series) vulnerabilities
2025-04-28
USN-7468-1: Linux kernel (Azure, N-Series) vulnerabilities | Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rogue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) It was discovered that the CIFS network file
ubuntu.com
USN-7463-1: Linux kernel (IBM) vulnerabilities
2025-04-24
USN-7463-1: Linux kernel (IBM) vulnerabilities | Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in
ubuntu.com
USN-7449-2: Linux kernel (HWE) vulnerabilities
2025-04-24
USN-7449-2: Linux kernel (HWE) vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - Compute Acceleration Framework; - ACPI drivers; - Drivers core; - RAM backed block device driver; - Compressed RAM block device driver; - TPM device driver; - Clock framework and drivers; - Data acquisition framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - CXL (Compute Express Link
ubuntu.com
USN-7458-1: Linux kernel (IBM) vulnerabilities
2025-04-24
USN-7458-1: Linux kernel (IBM) vulnerabilities | Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86
ubuntu.com
USN-7459-1: Linux kernel (Intel IoTG) vulnerabilities
2025-04-24
USN-7459-1: Linux kernel (Intel IoTG) vulnerabilities | Jann Horn discovered that the watch_queue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or escalate their privileges. (CVE-2022-0995) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem
ubuntu.com
USN-7451-1: Linux kernel vulnerabilities
2025-04-23
USN-7451-1: Linux kernel vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - Compute Acceleration Framework; - ACPI drivers; - Drivers core; - RAM backed block device driver; - Ublk userspace block driver; - Compressed RAM block device driver; - TPM device driver; - Clock framework and drivers; - Data acquisition framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - CXL
ubuntu.com

Social Media

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Linux Kernel flaws, respectively tracked as CVE-2024-53197: https://t.co/HdEFJdk1gl
These are identified as CVE-2024-53197 and CVE-2024-53150; they were a kernel issue affecting ALSA USB audio that allowed configuration values to be exploited to trigger memory access outside the permitted bounds.
Google Security: confirmation of active exploitation of the Android flaws CVE-2024-53150 and CVE-2024-53197. https://t.co/QF06wKfW5j
🚨 Google has patched two critical zero-day vulnerabilities (CVE-2024-53150 & CVE-2024-53197) in Android related to the USB-audio driver. Affected devices before April 2025 patch are at risk. 🔒 #AndroidSecurity #ZeroDay #USA link: https://t.co/cXUjBye1DK https://t.co/v3XjAlTJUi
🛡️ We added Linux Kernel vulnerabilities CVE-2024-53197 & CVE-2024-53150 to our Known Exploited Vulnerabilities Catalog. Apply mitigations to protect your org from cyberattacks. #InfoSec https://t.co/ROBXiTLbxH
⚠️ Vulnerability Alert: Linux Kernel USB-audio Driver Out-of-Bounds Vulnerabilities 📅 Timeline: Disclosure: 2024-12-27, Patch: 2025-04-10 🆔cveId: CVE-2024-53197 📊baseScore: 7.8 📏cvssMetrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High 🟠
🚨 CISA warns of two actively exploited Linux kernel vulnerabilities (CVE-2024-53197 & CVE-2024-53150). Targeting FCEB agencies, these flaws pose serious risks. Patching required by April 30, 2025. 🇷🇸 #LinuxVulnerabilities #CISA link: https://t.co/nu23lZUYvz https://t.co/3oegaeYeLo
Two Android zero-day flaws—CVE-2024-53197 & CVE-2024-53150—are being actively exploited in the wild. No user interaction required. Just silent access. One was used to unlock a student activist’s phone using Cellebrite tools. #AndroidSecurity #ZeroDay https://t.co/l0lnJrL29x
🚨 Attention! CVE-2024-53197: Out-of-bounds access vulnerability in the Linux kernel affects the USB-audio driver. Attackers with physical access can manipulate system memory. Mitigations available - follow the vendor's instructions! #CyberSecurity #InfoSec #CVE
CISA added 2 of them yesterday. Seems we were just ahead of them for these 2. - CVE-2024-53150 - CVE-2024-53197

Affected Software

No affected software found for this CVE

References

Reference | Link
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40

CWE Details

CWE ID | CWE Name | Description
CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer.
