CVE-2024-53104
published 2024-12-02CVE-2024-53104: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can…
PriorityP180high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2025-02-26
Exploited in the wild
EPSS
3.30%
87.0th percentile
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.119-1 (bookworm) | linux 6.1.119-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.119-1 (bookworm) | linux 6.1.119-1 (bookworm) |
| android | — | — | |
| linux | linux | — | — |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8 | 95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 684022f81f128338fe3587ec967459669a1204ae | 684022f81f128338fe3587ec967459669a1204ae |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < faff5bbb2762c44ec7426037b3000e77a11d6773 | faff5bbb2762c44ec7426037b3000e77a11d6773 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 467d84dc78c9abf6b217ada22b3fdba336262e29 | 467d84dc78c9abf6b217ada22b3fdba336262e29 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < beced2cb09b58c1243733f374c560a55382003d6 | beced2cb09b58c1243733f374c560a55382003d6 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 575a562f7a3ec2d54ff77ab6810e3fbceef2a91d | 575a562f7a3ec2d54ff77ab6810e3fbceef2a91d |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 622ad10aae5f5e03b7927ea95f7f32812f692bb5 | 622ad10aae5f5e03b7927ea95f7f32812f692bb5 |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < 1ee9d9122801eb688783acd07791f2906b87cb4f | 1ee9d9122801eb688783acd07791f2906b87cb4f |
| linux | linux | >= c0efd232929c2cd87238de2cccdaf4e845be5b0c < ecf2b43018da9579842c774b7f35dbe11b5c38dd | ecf2b43018da9579842c774b7f35dbe11b5c38dd |
| linux | linux_kernel | >= 0 < 5.10.234-1 | 5.10.234-1 |
| linux | linux_kernel | >= 0 < 6.1.119-1 | 6.1.119-1 |
| linux | linux_kernel | >= 0 < 6.11.9-1 | 6.11.9-1 |
| linux | linux_kernel | >= 0 < 6.11.9-1 | 6.11.9-1 |
| linux | linux_kernel | >= 0 < 5.4.0-208.228 | 5.4.0-208.228 |
| linux | linux_kernel | >= 0 < 5.15.0-133.144 | 5.15.0-133.144 |
| linux | linux_kernel | >= 0 < 6.8.0-55.57 | 6.8.0-55.57 |
| linux | linux_kernel | >= 0 < 6.11.0-18.18 | 6.11.0-18.18 |
| linux | linux_kernel | >= 0 < 3.13.0-207.258 | 3.13.0-207.258 |
| linux | linux_kernel | >= 0 < 4.4.0-266.300 | 4.4.0-266.300 |
| linux | linux_kernel | >= 0 < 4.4.0-268.302 | 4.4.0-268.302 |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is exploited through the uvc_parse_format function's failure to skip UVC_VS_UNDEFINED frame types, causing frame buffer size miscalculations and out-of-bounds writes. Monitor for kernel crashes or memory corruption events in the uvcvideo driver module. ↗
- →The vulnerability was introduced in Linux kernel version 2.6.26. Any Linux or Android system running a kernel older than the February 2025 patch level and exposing UVC USB devices should be treated as vulnerable. ↗
- →Android devices not yet at the February 2025 security patch level remain vulnerable. Verify patch level on managed Android devices as a detection/compliance check. ↗
- ·The April 2025 Android patch (2025-04-05 level) includes fixes for kernel subcomponents that may not apply to all Android devices; OEM-specific patch timelines vary. ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH
vulncheck7.8HIGH
cisa7.8HIGH
vendor_ubuntu8.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux vulnerabilities
osv·2025-08-27·CVSS 6.4
CVE-2021-0920 [MEDIUM] linux vulnerabilities
linux vulnerabilities
It was discovered a race condition existed in the Unix domain socket
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-0920)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HID subsystem;
- Media drivers;
(CVE-2024-50302, CVE-2024-53104)
OSV
linux-raspi-5.4 vulnerabilities
osv·2025-05-28·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-raspi-5.4 vulnerabilities
linux-raspi-5.4 vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC archi
OSV
linux-raspi vulnerabilities
osv·2025-05-28·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-raspi vulnerabilities
linux-raspi vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architect
OSV
linux-azure-nvidia vulnerabilities
osv·2025-04-28·CVSS 8.8
CVE-2024-8805 [HIGH] linux-azure-nvidia vulnerabilities
linux-azure-nvidia vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive informa
OSV
linux-ibm-5.15 vulnerabilities
osv·2025-04-24
CVE-2025-0927 linux-ibm-5.15 vulnerabilities
linux-ibm-5.15 vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block d
OSV
linux-iot vulnerabilities
osv·2025-04-03·CVSS 5.5
CVE-2022-38096 [MEDIUM] linux-iot vulnerabilities
linux-iot vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly
OSV
linux-azure-6.8 vulnerabilities
osv·2025-04-01·CVSS 8.8
CVE-2024-8805 [HIGH] linux-azure-6.8 vulnerabilities
linux-azure-6.8 vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive informatio
OSV
linux-hwe-6.8 vulnerabilities
osv·2025-04-01·CVSS 8.8
CVE-2024-8805 [HIGH] linux-hwe-6.8 vulnerabilities
linux-hwe-6.8 vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 arch
OSV
linux-aws-5.4 vulnerabilities
osv·2025-04-01·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-aws-5.4 vulnerabilities
linux-aws-5.4 vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC archite
OSV
linux-nvidia-tegra, linux-nvidia-tegra-igx vulnerabilities
osv·2025-03-28
CVE-2025-0927 linux-nvidia-tegra, linux-nvidia-tegra-igx vulnerabilities
linux-nvidia-tegra, linux-nvidia-tegra-igx vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Driver
OSV
linux-fips vulnerabilities
osv·2025-03-28·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-fips vulnerabilities
linux-fips vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architectu
OSV
linux-xilinx-zynqmp vulnerabilities
osv·2025-03-28
CVE-2025-0927 linux-xilinx-zynqmp vulnerabilities
linux-xilinx-zynqmp vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed bl
OSV
linux-azure vulnerabilities
osv·2025-03-27·CVSS 8.8
CVE-2024-8805 [HIGH] linux-azure vulnerabilities
linux-azure vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(
OSV
linux-oem-6.8 vulnerabilities
osv·2025-03-27·CVSS 8.8
CVE-2024-8805 [HIGH] linux-oem-6.8 vulnerabilities
linux-oem-6.8 vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 arch
OSV
linux-aws-5.15, linux-kvm vulnerabilities
osv·2025-03-27
CVE-2025-0927 linux-aws-5.15, linux-kvm vulnerabilities
linux-aws-5.15, linux-kvm vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM bac
OSV
linux-ibm vulnerabilities
osv·2025-03-27·CVSS 8.8
CVE-2024-8805 [HIGH] linux-ibm vulnerabilities
linux-ibm vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architec
OSV
Kernel Live Patch Security Notice
osv·2025-03-26·CVSS 5.5
CVE-2023-52880 [MEDIUM] Kernel Live Patch Security Notice
Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been
resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any
unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN
to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to
do that.)(CVE-2023-52880)
In the Linux kernel, the following vulnerability has been
resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6
OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY -
Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary
packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the
packet. OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key
structure with the metadata like conntrack st
OSV
linux-lts-xenial vulnerabilities
osv·2025-03-13·CVSS 7.8
[HIGH] linux-lts-xenial vulnerabilities
linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- GPIO subsystem;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- Direct Digital Synthesis drivers;
- TTY drivers;
- 9P distributed file system;
- JFS file system;
- NILFS2 file system;
- File systems infrastructure;
- BPF subsystem;
- Netfilter;
- Network sockets;
- Memory management;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Netlink;
- TIPC protocol;
- Wireless networking;
- ALSA framework;
(
OSV
linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities
osv·2025-03-13·CVSS 7.8
CVE-2025-0927 [HIGH] linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities
linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
(CVE-2024-53104)
OSV
linux-azure, linux-azure-4.15 vulnerabilities
osv·2025-03-13·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-azure, linux-azure-4.15 vulnerabilities
linux-azure, linux-azure-4.15 vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
OSV
linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-kvm, linux-oracle vulnerabilities
osv·2025-03-11·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-kvm, linux-oracle vulnerabilities
linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-kvm, linux-oracle vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in th
OSV
linux-kvm vulnerabilities
osv·2025-03-11·CVSS 7.8
CVE-2025-0927 [HIGH] linux-kvm vulnerabilities
linux-kvm vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- GPIO subsystem;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- Direct Digital Synthesis drivers;
- TTY drivers;
- 9P distributed file system;
- JFS file system;
- NILFS2 file system;
- File systems infrastructure
OSV
linux, linux-hwe vulnerabilities
osv·2025-03-11·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux, linux-hwe vulnerabilities
linux, linux-hwe vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- GPIO subsystem;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- Direct Digital Synthesis drivers;
- TTY drivers;
- 9P distributed file system;
- JFS file system;
- NILFS2 file system;
- File systems infrastructure;
- BPF subsystem;
- Netfilter;
- Memory management;
- Amateur Radio drivers;
-
OSV
linux-nvidia vulnerabilities
osv·2025-03-07·CVSS 7.8
CVE-2025-0927 [HIGH] linux-nvidia vulnerabilities
linux-nvidia vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
(CVE-2024-53104)
OSV
linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop vulnerabilities
osv·2025-03-05·CVSS 7.8
CVE-2025-0927 [HIGH] linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop vulnerabilities
linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- Network drivers;
(CVE-2024-50274, CVE-2024-53104, CVE-2024-53064)
OSV
linux, linux-aws vulnerabilities
osv·2025-03-05·CVSS 7.8
[HIGH] linux, linux-aws vulnerabilities
linux, linux-aws vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- GPIO subsystem;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- Direct Digital Synthesis drivers;
- TTY drivers;
- 9P distributed file system;
- JFS file system;
- NILFS2 file system;
- File systems infrastructure;
- BPF subsystem;
- Netfilter;
- Network sockets;
- Memory management;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Netlink;
- TIPC protocol;
- Wireless networking;
- ALSA framework;
(
OSV
linux-hwe-5.15 vulnerabilities
osv·2025-03-05·CVSS 5.5
CVE-2025-0927 [MEDIUM] linux-hwe-5.15 vulnerabilities
linux-hwe-5.15 vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network
OSV
linux, linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerability
osv·2025-03-05·CVSS 7.8
CVE-2024-53104 [HIGH] linux, linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerability
linux, linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerability
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
(CVE-2024-53104)
OSV
linux-aws, linux-aws-6.8, linux-oracle, linux-oracle-6.8, linux-raspi vulnerabilities
osv·2025-03-05·CVSS 7.8
CVE-2025-0927 [HIGH] linux-aws, linux-aws-6.8, linux-oracle, linux-oracle-6.8, linux-raspi vulnerabilities
linux-aws, linux-aws-6.8, linux-oracle, linux-oracle-6.8, linux-raspi vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
(CVE-2024-53104)
OSV
linux-kvm vulnerabilities
osv·2025-03-03·CVSS 5.5
[MEDIUM] linux-kvm vulnerabilities
linux-kvm vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- Framebuffer layer;
- BTRFS file
OSV
linux-ibm vulnerabilities
osv·2025-02-28·CVSS 4.7
[MEDIUM] linux-ibm vulnerabilities
linux-ibm vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- Framebuffer layer;
- BTRFS file
OSV
linux-oem-6.11 vulnerabilities
osv·2025-02-28
CVE-2025-0927 linux-oem-6.11 vulnerabilities
linux-oem-6.11 vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
-
OSV
linux-aws, linux-oracle, linux-oracle-5.4 vulnerabilities
osv·2025-02-27·CVSS 4.7
[MEDIUM] linux-aws, linux-oracle, linux-oracle-5.4 vulnerabilities
linux-aws, linux-oracle, linux-oracle-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
-
OSV
linux-aws vulnerabilities
osv·2025-02-27·CVSS 7.8
[HIGH] linux-aws vulnerabilities
linux-aws vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Connector System Software Interface
OSV
linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities
osv·2025-02-27·CVSS 5.5
[MEDIUM] linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities
linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Conne
OSV
linux-raspi vulnerabilities
osv·2025-02-26·CVSS 5.5
[MEDIUM] linux-raspi vulnerabilities
linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Connector System Software Interfa
OSV
linux, linux-hwe-5.4 vulnerabilities
osv·2025-02-26
CVE-2025-0927 linux, linux-hwe-5.4 vulnerabilities
linux, linux-hwe-5.4 vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Med
OSV
linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm-5.4 vulnerabilities
osv·2025-02-26·CVSS 6.3
[MEDIUM] linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm-5.4 vulnerabilities
linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Se
OSV
linux-xilinx-zynqmp vulnerabilities
osv·2025-02-26·CVSS 6.7
CVE-2023-21400 [MEDIUM] linux-xilinx-zynqmp vulnerabilities
linux-xilinx-zynqmp vulnerabilities
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Me
OSV
linux-gcp, linux-gcp-5.15, linux-gke vulnerabilities
osv·2025-02-26·CVSS 7.8
[HIGH] linux-gcp, linux-gcp-5.15, linux-gke vulnerabilities
linux-gcp, linux-gcp-5.15, linux-gke vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Connecto
OSV
linux-lowlatency-hwe-5.15 vulnerabilities
osv·2025-02-25·CVSS 5.5
CVE-2025-0927 [MEDIUM] linux-lowlatency-hwe-5.15 vulnerabilities
linux-lowlatency-hwe-5.15 vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers
OSV
linux-azure-5.15, linux-azure-fde-5.15, linux-oracle-5.15 vulnerabilities
osv·2025-02-25·CVSS 5.5
[MEDIUM] linux-azure-5.15, linux-azure-fde-5.15, linux-oracle-5.15 vulnerabilities
linux-azure-5.15, linux-azure-fde-5.15, linux-oracle-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
OSV
linux-ibm vulnerabilities
osv·2025-02-25·CVSS 5.5
[MEDIUM] linux-ibm vulnerabilities
linux-ibm vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Connector System Software Interface
OSV
linux-azure, linux-azure-fde, linux-gkeop, linux-nvidia, linux-oracle vulnerabilities
osv·2025-02-24·CVSS 5.5
[MEDIUM] linux-azure, linux-azure-fde, linux-gkeop, linux-nvidia, linux-oracle vulnerabilities
linux-azure, linux-azure-fde, linux-gkeop, linux-nvidia, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C supp
OSV
linux, linux-lowlatency vulnerabilities
osv·2025-02-24·CVSS 5.5
CVE-2025-0927 [MEDIUM] linux, linux-lowlatency vulnerabilities
linux, linux-lowlatency vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
OSV
linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime vulnerabilities
osv·2025-02-19
linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime vulnerabilities
linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- RAM backed block device driver;
- Network block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework a
OSV
linux, linux-lowlatency vulnerabilities
osv·2025-02-19
CVE-2025-0927 linux, linux-lowlatency vulnerabilities
linux, linux-lowlatency vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI d
OSV
CVE-2024-53104: In uvc_parse_format of uvc_driver
osv·2025-02-01
CVE-2024-53104 CVE-2024-53104: In uvc_parse_format of uvc_driver
In uvc_parse_format of uvc_driver.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2024-53104: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
osv·2024-12-02·CVSS 7.8
CVE-2024-53104 [HIGH] CVE-2024-53104: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
GHSA
GHSA-fg92-6xpx-v2x4: In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
ghsa_unreviewed·2024-12-02
CVE-2024-53104 [HIGH] CWE-787 GHSA-fg92-6xpx-v2x4: In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.
VulnCheck
Linux Kernel Out-of-Bounds Write Vulnerability
vulncheck·2024·CVSS 7.8
CVE-2024-53104 [HIGH] CWE-787 Linux Kernel Out-of-Bounds Write Vulnerability
Linux Kernel Out-of-Bounds Write Vulnerability
Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.
Affected: Linux Kernel
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://source.android.com/docs/security/bulletin/2025-02-01; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/; https://cloud.google.com/b
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-08-27·CVSS 6.4
CVE-2021-0920 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered a race condition existed in the Unix domain socket
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-0920)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HID subsystem;
- Media drivers;
(CVE-2024-50302, CVE-2024-53104)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel upd
CISA ICS
Siemens Third-Party Components in SINEC OS
cisa_ics·2025-08-14
Siemens Third-Party Components in SINEC OS
ICS Advisory
##
Siemens Third-Party Components in SINEC OS
Release DateAugust 14, 2025
Alert CodeICSA-25-226-07
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Third-Party Components in SINEC OS
- Vulnerabilities: Improper Input Validation, Use After Free, Out-of-bounds Read,
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2025-05-28·CVSS 5.5
CVE-2024-53198 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This upd
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2025-05-28·CVSS 5.5
CVE-2025-21731 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This upd
Ubuntu
Linux kernel (Azure, N-Series) vulnerabilities
vendor_ubuntu·2025-04-28·CVSS 8.8
CVE-2024-53083 [HIGH] Linux kernel (Azure, N-Series) vulnerabilities
Title: Linux kernel (Azure, N-Series) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target na
Ubuntu
Linux kernel (IBM) vulnerabilities
vendor_ubuntu·2025-04-24
CVE-2024-40965 Linux kernel (IBM) vulnerabilities
Title: Linux kernel (IBM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsyst
Ubuntu
Linux kernel (IoT) vulnerabilities
vendor_ubuntu·2025-04-03·CVSS 6.3
CVE-2024-50006 [MEDIUM] Linux kernel (IoT) vulnerabilities
Title: Linux kernel (IoT) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A loca
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2025-04-01·CVSS 8.8
CVE-2024-49888 [HIGH] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace wh
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2025-04-01·CVSS 5.5
CVE-2024-53183 [MEDIUM] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corre
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2025-04-01·CVSS 8.8
CVE-2024-49888 [HIGH] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities
vendor_ubuntu·2025-03-28
CVE-2024-50153 Linux kernel (Xilinx ZynqMP) vulnerabilities
Title: Linux kernel (Xilinx ZynqMP) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block lay
Ubuntu
Linux kernel (FIPS) vulnerabilities
vendor_ubuntu·2025-03-28·CVSS 5.5
CVE-2024-50006 [MEDIUM] Linux kernel (FIPS) vulnerabilities
Title: Linux kernel (FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corr
Ubuntu
Linux kernel (NVIDIA Tegra) vulnerabilities
vendor_ubuntu·2025-03-28
CVE-2024-50153 Linux kernel (NVIDIA Tegra) vulnerabilities
Title: Linux kernel (NVIDIA Tegra) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block laye
Ubuntu
Linux kernel (IBM) vulnerabilities
vendor_ubuntu·2025-03-27·CVSS 8.8
CVE-2024-49965 [HIGH] Linux kernel (IBM) vulnerabilities
Title: Linux kernel (IBM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2025-03-27·CVSS 8.8
CVE-2024-49965 [HIGH] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace wh
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2025-03-27·CVSS 8.8
CVE-2024-49965 [HIGH] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-27
CVE-2024-56724 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
-
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu·2025-03-26·CVSS 5.5
CVE-2024-53140 [MEDIUM] Kernel Live Patch Security Notice
Title: Kernel Live Patch Security Notice
Summary: Several security issues were fixed in the kernel.
In the Linux kernel, the following vulnerability has been
resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any
unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN
to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to
do that.)(CVE-2023-52880)
In the Linux kernel, the following vulnerability has been
resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6
OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY -
Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary
packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the
packet. OVS_PACKET_ATTR_KEY is parsed first to
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-13·CVSS 7.8
CVE-2025-0927 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
(CVE-2024-53104)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-13·CVSS 7.8
CVE-2024-43893 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- GPIO subsystem;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- Direct Digital Synthesis drivers;
- TTY drivers;
- 9P distributed file system;
- JFS file system;
- NILFS2 file system;
- File systems infrastructure;
- BPF subsystem;
- Netfilter;
- Network sockets;
- Memory management;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- IPv4 networking;
- IPv6 networking;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-13·CVSS 5.5
CVE-2024-43893 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects fl
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-11·CVSS 5.5
CVE-2024-40981 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- GPIO subsystem;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- Direct Digital Synthesis drivers;
- TTY drivers;
- 9P distributed file system;
- JFS file system;
- NILFS2 file system;
- File systems infrastructure;
- BPF sub
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-11·CVSS 5.5
CVE-2024-41064 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects fl
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-11·CVSS 7.8
CVE-2024-41064 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- GPIO subsystem;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- Direct Digital Synthesis drivers;
- TTY drivers;
- 9P distributed file sy
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-05·CVSS 7.8
CVE-2024-40981 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- GPIO subsystem;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- Direct Digital Synthesis drivers;
- TTY drivers;
- 9P distributed file system;
- JFS file system;
- NILFS2 file system;
- File systems infrastructure;
- BPF subsystem;
- Netfilter;
- Network sockets;
- Memory management;
- Amateur Radio drivers;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Networking core;
- IPv4 networking;
- IPv6 networking;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-05·CVSS 7.8
CVE-2025-0927 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- Network drivers;
(CVE-2024-50274, CVE-2024-53104, CVE-2024-53064)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION:
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-05·CVSS 5.5
CVE-2023-52913 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
-
Ubuntu
Linux kernel vulnerability
vendor_ubuntu·2025-03-05·CVSS 7.8
CVE-2024-53104 [HIGH] Linux kernel vulnerability
Title: Linux kernel vulnerability
Summary: Several security issues were fixed in Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
(CVE-2024-53104)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-03·CVSS 5.5
CVE-2024-49973 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Ser
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-28
CVE-2024-47738 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-28·CVSS 5.5
CVE-2024-50278 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Ser
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-27·CVSS 5.5
CVE-2024-50245 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-27·CVSS 4.7
CVE-2024-50006 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Ser
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-27·CVSS 7.8
CVE-2024-53103 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-26·CVSS 5.5
CVE-2024-50245 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-26·CVSS 6.3
CVE-2024-50006 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Ser
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-26·CVSS 7.8
CVE-2024-50245 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-26·CVSS 6.7
CVE-2024-50301 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- Infini
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-26
CVE-2024-50301 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBa
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-25·CVSS 5.5
CVE-2024-50154 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-25·CVSS 5.5
CVE-2024-50154 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-25·CVSS 5.5
CVE-2024-50154 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-24·CVSS 5.5
CVE-2024-50036 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-24·CVSS 5.5
CVE-2024-50036 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-19
CVE-2024-47738 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- RAM backed block device driver;
- Network block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock fr
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-19
CVE-2024-49996 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
-
CISA
Linux Kernel Out-of-Bounds Write Vulnerability
cisa·2025-02-05·CVSS 7.8
CVE-2024-53104 [HIGH] CWE-787 Linux Kernel Out-of-Bounds Write Vulnerability
Vulnerability: Linux Kernel Out-of-Bounds Write Vulnerability
Affected: Linux Kernel
Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024120232-CVE-2024-53104-d781@gregkh/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-53104
Remediation Due Date: 2025-02-26
Android
CVE-2024-53104: UVC
vendor_android·2025-02-01·CVSS 7.8
CVE-2024-53104 [HIGH] CVE-2024-53104: UVC
Android Security Bulletin 2025-02-01
CVE: CVE-2024-53104
Severity: HIGH
Type: EoP
Component: UVC
References: A-378455392
Upstream kernel
[2]
Red Hat
kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
vendor_redhat·2024-12-02·CVSS 7.8
CVE-2024-53104 [HIGH] CWE-787 kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
This can lead to out of bounds writes since frames of this type were not
taken into account when calculating the size of the frames buffer in
uvc_parse_streaming.
A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacker who is able to influence the format of video streams captured by a system's USB video device cou
Debian
CVE-2024-53104: linux - In the Linux kernel, the following vulnerability has been resolved: media: uvcv...
vendor_debian·2024·CVSS 7.8
CVE-2024-53104 [HIGH] CVE-2024-53104: linux - In the Linux kernel, the following vulnerability has been resolved: media: uvcv...
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
Scope: local
bookworm: resolved (fixed in 6.1.119-1)
bullseye: resolved (fixed in 5.10.234-1)
forky: resolved (fixed in 6.11.9-1)
sid: resolved (fixed in 6.11.9-1)
trixie: resolved (fixed in 6.11.9-1)
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Google fixes Android zero-days exploited in attacks, 60 other flaws
blogs_bleepingcomputer·2025-04-07·CVSS 5.5
CVE-2024-53197 [MEDIUM] Google fixes Android zero-days exploited in attacks, 60 other flaws
## Google fixes Android zero-days exploited in attacks, 60 other flaws
## Sergiu Gatlan
Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks.
One of the zero-days, a high-severity privilege escalation security vulnerability ( CVE-2024-53197 ) in the Linux kernel's USB-audio driver for ALSA Devices, was reportedly exploited by Serbian authorities to unlock confiscated Android devices as part of a zero-day exploit chain developed by Israeli digital forensics company Cellebrite.
This exploit chain—which also included a USB Video Class zero-day (CVE-2024-53104) patched in February and a Human Interface Devices zero-day (CVE-2024-50302) patched last month )—was discovered by Amnesty International's
Bleepingcomputer
Google fixes Android zero-day exploited by Serbian authorities
blogs_bleepingcomputer·2025-03-04·CVSS 7.3
CVE-2024-50302 [HIGH] Google fixes Android zero-day exploited by Serbian authorities
## Google fixes Android zero-day exploited by Serbian authorities
## Sergiu Gatlan
Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days exploited in targeted attacks.
Serbian authorities have used one of the zero-days, a high-severity information disclosure security vulnerability ( CVE-2024-50302 ) in the Linux kernel's driver for Human Interface Devices, to unlock confiscated devices.
The flaw was reportedly exploited as part of an Android zero-day exploit chain developed by Israeli digital forensics company Cellebrite to unlock confiscated devices.
The exploit chain—which also includes a USB Video Class zero-day (CVE-2024-53104) patched last month and an ALSA USB-sound driver zero-day)—was found by Amnesty International'
Checkpoint
10th February – Threat Intelligence Report
blogs_checkpoint·2025-02-10
CVE-2025-0994 10th February – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 10th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 10th February, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Grubhub, the US-based online food ordering and delivery platform, suffered a data breach due to unauthorized access through a compromised third-party service provider’s account. The incident exposed personal details of customers, drivers, and merchants, including names, email addresses, phone numbers, payment card types
Bleepingcomputer
CISA orders agencies to patch Linux kernel bug exploited in attacks
blogs_bleepingcomputer·2025-02-05·CVSS 7.8
CVE-2024-53104 [HIGH] CISA orders agencies to patch Linux kernel bug exploited in attacks
## CISA orders agencies to patch Linux kernel bug exploited in attacks
## Sergiu Gatlan
CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks.
Tracked as CVE-2024-53104 , the security bug was first introduced in kernel version 2.6.26 and was patched by Google for Android users on Monday.
"There are indications that CVE-2024-53104 may be under limited, targeted exploitation," the Android February 2025 Android security updates warn.
According to Google's security advisory , this vulnerability is caused by an out-of-bounds write weakness in the USB Video Class (UVC) driver , which allows "physical escalation of privilege with no additional execution privileges needed" on unpatched devices.
Th
https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4fhttps://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91dhttps://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f692bb5https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204aehttps://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6https://git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5c38ddhttps://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773https://lists.debian.org/debian-lts-announce/2025/01/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2025/03/msg00002.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53104
2024-12-02
Published
2025-02-05
Added to CISA KEV
Exploited in the wild