CVE-2024-53150
published 2024-12-24

CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources

Priority: P2 (79, high)
CVSS 3.1: 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
KEV / ITW: CISA Known Exploited Vulnerability, due 2025-04-30; exploited in the wild
EPSS: 1.32% (67.4th percentile)
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check.
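The traversal and the check the commit message describes, as an added example that is not the kernel's own code: a walker steps through class-specific interface descriptors by bLength, a parser touches every field the driver would read, and a validator applies the fix's rule (bLength at least sizeof() for clock source and multiplier; header plus bNrInPins pin IDs plus two tail fields for a clock selector, with bNrInPins consulted only after the header is known to be complete). The descriptor type and subtype values are the USB Audio 2.0 spec's; the struct and function names, the read-counting accessor and the sample descriptor bytes are this example's own. The sample is a constructed buffer whose last descriptor is a clock selector that claims bLength 5 but bNrInPins 200, so the pre-fix traversal reads past the end of the buffer while the fixed one skips it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Descriptor type and UAC2 clock-entity subtypes (values from the USB Audio 2.0 spec). */
#define USB_DT_CS_INTERFACE   0x24
#define UAC2_CLOCK_SOURCE     0x0a
#define UAC2_CLOCK_SELECTOR   0x0b
#define UAC2_CLOCK_MULTIPLIER 0x0c

/* Layouts the parser expects. Struct names are this example's own; every field is one
 * byte, so sizeof() equals the wire size without a packed attribute. */
struct clock_source_desc { uint8_t bLength, bDescriptorType, bDescriptorSubtype, bClockID,
                                   bmAttributes, bmControls, bAssocTerminal, iClockSource; }; /* 8 bytes */
struct clock_multiplier_desc { uint8_t bLength, bDescriptorType, bDescriptorSubtype, bClockID,
                                       bCSourceID, bmControls, iClockMultiplier; };           /* 7 bytes */
struct clock_selector_desc { /* 5-byte header, bNrInPins pin IDs, then bmControls, iClockSelector */
    uint8_t bLength, bDescriptorType, bDescriptorSubtype, bClockID, bNrInPins;
    uint8_t baCSourceID[];
};

/* Every byte the "driver" parses goes through rd(), which counts reads that land
 * outside the descriptor buffer instead of faulting on them. */
static size_t oob_reads;
static uint8_t rd(const uint8_t *buf, size_t len, size_t off)
{ if (off >= len) { oob_reads++; return 0; } return buf[off]; }

/* Offset of the next CS_INTERFACE descriptor of the wanted subtype at or after pos, stepping
 * by bLength; len when none. Assumes a bounded config buffer: a descriptor that would overrun
 * it, or is too short to hold a subtype byte, ends the walk. */
static size_t next_csint(const uint8_t *buf, size_t len, size_t pos, uint8_t subtype)
{
    while (pos + 3 <= len) {
        uint8_t blen = buf[pos];
        if (blen < 3 || pos + blen > len) return len;
        if (buf[pos + 1] == USB_DT_CS_INTERFACE && buf[pos + 2] == subtype) return pos;
        pos += blen;
    }
    return len;
}

/* The check the fix adds: bLength must cover every field the parser reads. Source and
 * multiplier: sizeof() of the struct. Selector: header + bNrInPins pin IDs + two tail fields,
 * where bNrInPins is read only once the header is known to be complete. */
static bool clock_desc_valid(const uint8_t *buf, size_t pos, uint8_t subtype)
{
    uint8_t blen = buf[pos];
    if (subtype == UAC2_CLOCK_SOURCE)     return blen >= sizeof(struct clock_source_desc);
    if (subtype == UAC2_CLOCK_MULTIPLIER) return blen >= sizeof(struct clock_multiplier_desc);
    if (blen < sizeof(struct clock_selector_desc)) return false;
    return blen >= sizeof(struct clock_selector_desc) + buf[pos + 4] + 2;
}

/* Parse like code that trusts the struct layout: touch every field it would read
 * (pin IDs included) and return bClockID. */
static int parse_clock_desc(const uint8_t *buf, size_t len, size_t pos, uint8_t subtype)
{
    size_t n = subtype == UAC2_CLOCK_SOURCE     ? sizeof(struct clock_source_desc)
             : subtype == UAC2_CLOCK_MULTIPLIER ? sizeof(struct clock_multiplier_desc)
             : sizeof(struct clock_selector_desc) + rd(buf, len, pos + 4) + 2;
    int id = rd(buf, len, pos + 3);
    for (size_t i = 4; i < n; i++) (void)rd(buf, len, pos + i);
    return id;
}

/* Find the clock descriptor carrying the given ID. fixed=false is the pre-fix traversal
 * (no bLength check); fixed=true skips short descriptors as the patch does. Offset or -1. */
static int find_clock_id(const uint8_t *buf, size_t len, uint8_t subtype, uint8_t id, bool fixed)
{
    for (size_t pos = next_csint(buf, len, 0, subtype); pos < len;
         pos = next_csint(buf, len, pos + buf[pos], subtype)) {
        if (fixed && !clock_desc_valid(buf, pos, subtype)) continue;
        if (parse_clock_desc(buf, len, pos, subtype) == id) return (int)pos;
    }
    return -1;
}

/* Constructed sample, not captured from a real device: a well-formed clock source (ID 1),
 * then a clock selector (ID 2) whose bLength of 5 covers only the header while bNrInPins
 * says 200. It is last in the buffer, so a parser that believes bNrInPins reads past the end. */
static const uint8_t sample_desc[] = {
    8, USB_DT_CS_INTERFACE, UAC2_CLOCK_SOURCE,   1, 0x01, 0x01, 0x00, 0x00,
    5, USB_DT_CS_INTERFACE, UAC2_CLOCK_SELECTOR, 2, 200,
};

/* Look up selector ID 2 in the sample; returns its offset, or -1 if it was skipped. */
int demo_lookup(bool fixed)
{
    oob_reads = 0;
    return find_clock_id(sample_desc, sizeof sample_desc, UAC2_CLOCK_SELECTOR, 2, fixed);
}

/* Number of byte reads that fell outside the buffer during the last lookup. */
size_t demo_oob_reads(void) { return oob_reads; }

int main(void)
{
    int pos = demo_lookup(false);
    printf("pre-fix: selector at %d, %zu reads past the buffer\n", pos, demo_oob_reads());
    pos = demo_lookup(true);
    printf("fixed:   selector at %d, %zu reads past the buffer\n", pos, demo_oob_reads());
    return 0;
}
```

On the sample buffer the pre-fix lookup accepts the bogus selector at offset 8 after 202 reads beyond the 13-byte buffer (the 200 claimed pin IDs plus the two tail fields); the fixed lookup rejects it with no out-of-buffer reads. The order of checks in clock_desc_valid matters: bNrInPins is itself inside the header, so checking the header size first is what keeps the validator from committing the read it is meant to prevent.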

Affected

44 ranges· showing 25
Vendor | Product | Version range | Fixed in
debian | debian_linux | |
debian | linux | < linux 6.1.123-1 (bookworm) | linux 6.1.123-1 (bookworm)
debian | linux-6.1 | < linux 6.1.123-1 (bookworm) | linux 6.1.123-1 (bookworm)
google | android | |
linux | linux | |
linux | linux | |
linux | linux | |
linux | linux | >= 4.19.84, < 4.20 | 4.20
linux | linux | >= 5.3.11, < 5.4 | 5.4
linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a, < a632bdcb359fd8145e86486ff8612da98e239acd | a632bdcb359fd8145e86486ff8612da98e239acd
linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a, < 45a92cbc88e4013bfed7fd2ccab3ade45f8e896b | 45a92cbc88e4013bfed7fd2ccab3ade45f8e896b
linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a, < ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9 | ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9
linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a, < da13ade87a12dd58829278bc816a61bea06a56a9 | da13ade87a12dd58829278bc816a61bea06a56a9
linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a, < 74cb86e1006c5437b1d90084d22018da30fddc77 | 74cb86e1006c5437b1d90084d22018da30fddc77
linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a, < ea0fa76f61cf8e932d1d26e6193513230816e11d | ea0fa76f61cf8e932d1d26e6193513230816e11d
linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a, < 096bb5b43edf755bc4477e64004fa3a20539ec2f | 096bb5b43edf755bc4477e64004fa3a20539ec2f
linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a, < a3dd4d63eeb452cfb064a13862fb376ab108f6a6 | a3dd4d63eeb452cfb064a13862fb376ab108f6a6
linux | linux_kernel | < 5.4.287 | 5.4.287
linux | linux_kernel | >= 0, < 5.10.234-1 | 5.10.234-1
linux | linux_kernel | >= 0, < 6.1.123-1 | 6.1.123-1
linux | linux_kernel | >= 0, < 6.12.3-1 | 6.12.3-1
linux | linux_kernel | >= 0, < 6.12.3-1 | 6.12.3-1
linux | linux_kernel | >= 0, < 5.4.0-211.231 | 5.4.0-211.231
linux | linux_kernel | >= 0, < 5.15.0-135.146 | 5.15.0-135.146
linux | linux_kernel | >= 0, < 6.8.0-58.60 | 6.8.0-58.60

Detection & IOCs (extracted from sources)

  • Block or prevent loading of the snd-usb-audio kernel module to mitigate exploitation via malicious USB audio devices. This is only workable on hosts that do not need USB audio; the fixed kernel versions listed under Affected are the actual remediation.
  • The vulnerability is triggered by a physically attached malicious USB device presenting a bogus clock descriptor with a shorter-than-expected bLength, causing out-of-bounds reads in the USB-audio driver; detection should focus on anomalous USB audio device enumeration events.
  • Apply the Android 2025-04-05 security patch level or later to remediate CVE-2024-53150 in the Android kernel USB component (Android bug reference A-382239029).
  • The vulnerability requires local/physical access: a malicious USB audio device must be physically connected to trigger the out-of-bounds read, so remote exploitation is not applicable.
  • Red Hat Enterprise Linux 10 is listed as Not Affected for this CVE; patch applicability varies by distribution and kernel version.

CVSS provenance

Source | Score | Severity | Vector
nvd (v3.1) | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv | 8.8 | HIGH |
vulncheck | 7.1 | HIGH |
cisa | 7.1 | HIGH |
vendor_ubuntu | 8.8 | HIGH |
vendor_msrc | 7.8 | HIGH |
vendor_debian | 7.1 | HIGH |
vendor_redhat | 7.1 | HIGH |