CVE-2024-53150
published 2024-12-24CVE-2024-53150: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio…
PriorityP279high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2025-04-30
Exploited in the wild
EPSS
1.32%
67.4th percentile
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
The current USB-audio driver code doesn't check bLength of each
descriptor at traversing for clock descriptors. That is, when a
device provides a bogus descriptor with a shorter bLength, the driver
might hit out-of-bounds reads.
For addressing it, this patch adds sanity checks to the validator
functions for the clock descriptor traversal. When the descriptor
length is shorter than expected, it's skipped in the loop.
For the clock source and clock multiplier descriptors, we can just
check bLength against the sizeof() of each descriptor type.
OTOH, the clock selector descriptor of UAC2 and UAC3 has an array
of bNrInPins elements and two more fields at its tail, hence those
have to be checked in addition to the sizeof() check.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.123-1 (bookworm) | linux 6.1.123-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.123-1 (bookworm) | linux 6.1.123-1 (bookworm) |
| android | — | — | |
| linux | linux | — | — |
| linux | linux | — | — |
| linux | linux | — | — |
| linux | linux | >= 4.19.84 < 4.20 | 4.20 |
| linux | linux | >= 5.3.11 < 5.4 | 5.4 |
| linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a < a632bdcb359fd8145e86486ff8612da98e239acd | a632bdcb359fd8145e86486ff8612da98e239acd |
| linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a < 45a92cbc88e4013bfed7fd2ccab3ade45f8e896b | 45a92cbc88e4013bfed7fd2ccab3ade45f8e896b |
| linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a < ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9 | ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9 |
| linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a < da13ade87a12dd58829278bc816a61bea06a56a9 | da13ade87a12dd58829278bc816a61bea06a56a9 |
| linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a < 74cb86e1006c5437b1d90084d22018da30fddc77 | 74cb86e1006c5437b1d90084d22018da30fddc77 |
| linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a < ea0fa76f61cf8e932d1d26e6193513230816e11d | ea0fa76f61cf8e932d1d26e6193513230816e11d |
| linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a < 096bb5b43edf755bc4477e64004fa3a20539ec2f | 096bb5b43edf755bc4477e64004fa3a20539ec2f |
| linux | linux | >= b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a < a3dd4d63eeb452cfb064a13862fb376ab108f6a6 | a3dd4d63eeb452cfb064a13862fb376ab108f6a6 |
| linux | linux_kernel | < 5.4.287 | 5.4.287 |
| linux | linux_kernel | >= 0 < 5.10.234-1 | 5.10.234-1 |
| linux | linux_kernel | >= 0 < 6.1.123-1 | 6.1.123-1 |
| linux | linux_kernel | >= 0 < 6.12.3-1 | 6.12.3-1 |
| linux | linux_kernel | >= 0 < 6.12.3-1 | 6.12.3-1 |
| linux | linux_kernel | >= 0 < 5.4.0-211.231 | 5.4.0-211.231 |
| linux | linux_kernel | >= 0 < 5.15.0-135.146 | 5.15.0-135.146 |
| linux | linux_kernel | >= 0 < 6.8.0-58.60 | 6.8.0-58.60 |
Detection & IOCsextracted from sources · hover to see the quote
- →Block or prevent loading of the snd-usb-audio kernel module to mitigate exploitation via malicious USB audio devices ↗
- →The vulnerability is triggered by a physically-attached malicious USB device presenting a bogus clock descriptor with a shorter-than-expected bLength, causing out-of-bounds reads in the USB-audio driver; detection should focus on anomalous USB audio device enumeration events ↗
- →Apply Android 2025-04-05 security patch level or later to remediate CVE-2024-53150 in the Android kernel USB component (Android bug reference A-382239029) ↗
- ·The vulnerability requires local/physical access — a malicious USB audio device must be physically connected to trigger the out-of-bounds read; remote exploitation is not applicable ↗
- ·Red Hat Enterprise Linux 10 is listed as Not Affected for this CVE; patch applicability varies by distribution and kernel version ↗
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv8.8HIGH
vulncheck7.1HIGH
cisa7.1HIGH
vendor_ubuntu8.8HIGH
vendor_msrc7.8HIGH
vendor_debian7.1HIGH
vendor_redhat7.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-azure-fips vulnerabilities
osv·2025-12-16·CVSS 5.5
CVE-2025-40300 [MEDIUM] linux-azure-fips vulnerabilities
linux-azure-fips vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Hardware monitoring drivers;
- InfiniBand drivers;
- Mailbox framework;
- Network drivers;
- Ethernet team driver;
- AFS file s
OSV
linux-oracle vulnerabilities
osv·2025-11-19·CVSS 5.5
CVE-2025-40300 [MEDIUM] linux-oracle vulnerabilities
linux-oracle vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Media drivers;
- Ethernet team driver;
- SPI subsystem;
- USB core drivers;
- Framebuffer layer;
- BTRFS file system;
- Ext4 file system;
- Network file system (NFS) se
OSV
linux-fips vulnerabilities
osv·2025-11-10·CVSS 5.5
CVE-2025-40300 [MEDIUM] linux-fips vulnerabilities
linux-fips vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Virtio block driver;
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Media drivers;
- Network drivers;
- Ethernet team driver;
- TTY drivers;
- Framebuffer layer;
- BTRFS file system;
- Ext4 file system;
- Network fi
OSV
linux-azure, linux-azure-4.15 vulnerabilities
osv·2025-11-07·CVSS 5.5
CVE-2025-40300 [MEDIUM] linux-azure, linux-azure-4.15 vulnerabilities
linux-azure, linux-azure-4.15 vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- SCTP
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2025-11-06·CVSS 5.5
CVE-2025-40300 [MEDIUM] linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- TTY drivers;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 netwo
OSV
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle vulnerabilities
osv·2025-10-30·CVSS 5.5
CVE-2025-40300 [MEDIUM] linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control
OSV
linux vulnerabilities
osv·2025-10-30·CVSS 7.1
CVE-2025-40300 [HIGH] linux vulnerabilities
linux vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
A security issues was discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
- USB sound devices;
(CVE-2024-53150)
OSV
linux-kvm vulnerabilities
osv·2025-10-30·CVSS 5.5
CVE-2025-40300 [MEDIUM] linux-kvm vulnerabilities
linux-kvm vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Framebuffer layer;
- BTRFS file system;
- Ext4 file system;
- Network file system (NFS) server daemon;
- Timer subsystem;
- DCCP (Datagram Congesti
OSV
linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
osv·2025-10-30·CVSS 5.5
CVE-2025-40300 [MEDIUM] linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM l
OSV
Kernel Live Patch Security Notice
osv·2025-05-29·CVSS 7.8
[HIGH] Kernel Live Patch Security Notice
Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been
resolved: nfsd: fix use-after-free due to delegation race A delegation
break could arrive as soon as we've called vfs_setlease. A delegation break
runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the
delegation to del_recall_lru. If we then exit nfs4_set_delegation without
hashing the delegation, it will be freed as soon as the callback is done
with it, without ever being removed from del_recall_lru. Symptoms show up
later as use-after-free or list corruption warnings, usually in the
laundromat thread. I suspect aba2072f4523 'nfsd: grant read delegations to
clients holding writes' made this bug easier to hit, but I looked as far
back as v3.0 and it looks to me it already had the
OSV
linux-raspi-5.4 vulnerabilities
osv·2025-05-28·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-raspi-5.4 vulnerabilities
linux-raspi-5.4 vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC archi
OSV
linux-raspi vulnerabilities
osv·2025-05-28·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-raspi vulnerabilities
linux-raspi vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architect
OSV
linux-raspi vulnerabilities
osv·2025-05-26
linux-raspi vulnerabilities
linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Virtio block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto d
OSV
linux-raspi-realtime vulnerabilities
osv·2025-05-20
linux-raspi-realtime vulnerabilities
linux-raspi-realtime vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Virtio block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware
OSV
linux-gcp-5.15 vulnerabilities
osv·2025-04-28·CVSS 7.8
CVE-2022-0995 [HIGH] linux-gcp-5.15 vulnerabilities
linux-gcp-5.15 vulnerabilities
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data
OSV
linux-azure-nvidia vulnerabilities
osv·2025-04-28·CVSS 8.8
CVE-2024-8805 [HIGH] linux-azure-nvidia vulnerabilities
linux-azure-nvidia vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive informa
OSV
linux-intel-iotg-5.15 vulnerabilities
osv·2025-04-24·CVSS 7.8
CVE-2022-0995 [HIGH] linux-intel-iotg-5.15 vulnerabilities
linux-intel-iotg-5.15 vulnerabilities
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
OSV
linux-hwe-6.8 vulnerabilities
osv·2025-04-24
linux-hwe-6.8 vulnerabilities
linux-hwe-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- CXL (Compute Express Link) drivers;
- EDAC drivers;
- AR
OSV
linux-ibm-5.15 vulnerabilities
osv·2025-04-24
CVE-2025-0927 linux-ibm-5.15 vulnerabilities
linux-ibm-5.15 vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block d
OSV
linux-ibm-5.4 vulnerabilities
osv·2025-04-24·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-ibm-5.4 vulnerabilities
linux-ibm-5.4 vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architec
OSV
linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracl
osv·2025-04-23
linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracl
linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock
OSV
linux-realtime vulnerabilities
osv·2025-04-23
linux-realtime vulnerabilities
linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- CXL (Compute Express Link) drivers;
- EDAC drivers;
- A
OSV
linux-gcp-6.8 vulnerabilities
osv·2025-04-23
linux-gcp-6.8 vulnerabilities
linux-gcp-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- CXL (Compute Express Link) drivers;
- EDAC drivers;
- AR
OSV
linux-aws-6.8 vulnerabilities
osv·2025-04-23
linux-aws-6.8 vulnerabilities
linux-aws-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- CXL (Compute Express Link
OSV
linux-gcp, linux-gke, linux-gkeop vulnerabilities
osv·2025-04-23
linux-gcp, linux-gke, linux-gkeop vulnerabilities
linux-gcp, linux-gke, linux-gkeop vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- CXL (Compute Express Link) drivers;
OSV
linux-azure-5.15, linux-azure-fde-5.15 vulnerabilities
osv·2025-04-07
linux-azure-5.15, linux-azure-fde-5.15 vulnerabilities
linux-azure-5.15, linux-azure-fde-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
- I3C subsystem;
- II
OSV
linux-iot vulnerabilities
osv·2025-04-03·CVSS 5.5
CVE-2022-38096 [MEDIUM] linux-iot vulnerabilities
linux-iot vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly
OSV
linux-hwe-5.15 vulnerabilities
osv·2025-04-02
linux-hwe-5.15 vulnerabilities
linux-hwe-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
- I3C subsystem;
- IIO ADC drivers;
- IIO sub
OSV
CVE-2024-53150: In validate_clock_selector of clock
osv·2025-04-01
CVE-2024-53150 CVE-2024-53150: In validate_clock_selector of clock
In validate_clock_selector of clock.c, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
linux-aws-fips vulnerabilities
osv·2025-04-01·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-aws-fips vulnerabilities
linux-aws-fips vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 archite
OSV
linux-aws-5.4 vulnerabilities
osv·2025-04-01·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-aws-5.4 vulnerabilities
linux-aws-5.4 vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC archite
OSV
linux-aws vulnerabilities
osv·2025-04-01·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-aws vulnerabilities
linux-aws vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architecture
OSV
linux-nvidia-tegra, linux-nvidia-tegra-igx vulnerabilities
osv·2025-03-28
CVE-2025-0927 linux-nvidia-tegra, linux-nvidia-tegra-igx vulnerabilities
linux-nvidia-tegra, linux-nvidia-tegra-igx vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Driver
OSV
linux-fips vulnerabilities
osv·2025-03-28·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-fips vulnerabilities
linux-fips vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architectu
OSV
linux, linux-hwe-5.4 vulnerabilities
osv·2025-03-28·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux, linux-hwe-5.4 vulnerabilities
linux, linux-hwe-5.4 vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Cryptographic API;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers
OSV
linux-xilinx-zynqmp vulnerabilities
osv·2025-03-28
CVE-2025-0927 linux-xilinx-zynqmp vulnerabilities
linux-xilinx-zynqmp vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed bl
OSV
linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities
osv·2025-03-28·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities
linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibl
OSV
linux-realtime, linux-intel-iot-realtime vulnerabilities
osv·2025-03-28
linux-realtime, linux-intel-iot-realtime vulnerabilities
linux-realtime, linux-intel-iot-realtime vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
- I3C subsystem;
-
OSV
linux-azure-fips, linux-gcp-fips vulnerabilities
osv·2025-03-28·CVSS 5.5
CVE-2024-23848 [MEDIUM] linux-azure-fips, linux-gcp-fips vulnerabilities
linux-azure-fips, linux-gcp-fips vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architectu
OSV
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
osv·2025-03-28
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi v
osv·2025-03-27
linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi v
linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA eng
OSV
linux-aws-5.15, linux-kvm vulnerabilities
osv·2025-03-27
CVE-2025-0927 linux-aws-5.15, linux-kvm vulnerabilities
linux-aws-5.15, linux-kvm vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM bac
OSV
linux-oem-6.11 vulnerabilities
osv·2025-02-28
CVE-2025-0927 linux-oem-6.11 vulnerabilities
linux-oem-6.11 vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
-
OSV
linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime vulnerabilities
osv·2025-02-19
linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime vulnerabilities
linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- RAM backed block device driver;
- Network block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework a
OSV
linux, linux-lowlatency vulnerabilities
osv·2025-02-19
CVE-2025-0927 linux, linux-lowlatency vulnerabilities
linux, linux-lowlatency vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI d
GHSA
GHSA-7vq8-4frp-4vcv: In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
The current
ghsa_unreviewed·2024-12-24
CVE-2024-53150 [HIGH] CWE-125 GHSA-7vq8-4frp-4vcv: In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
The current
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
The current USB-audio driver code doesn't check bLength of each
descriptor at traversing for clock descriptors. That is, when a
device provides a bogus descriptor with a shorter bLength, the driver
might hit out-of-bounds reads.
For addressing it, this patch adds sanity checks to the validator
functions for the clock descriptor traversal. When the descriptor
length is shorter than expected, it's skipped in the loop.
For the clock source and clock multiplier descriptors, we can just
check bLength against the sizeof() of each descriptor type.
OTOH, the clock selector descriptor of UAC2 and UAC3 has an array
of bNrInPins elements and two more fields at it
OSV
CVE-2024-53150: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current US
osv·2024-12-24·CVSS 7.1
CVE-2024-53150 [HIGH] CVE-2024-53150: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current US
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its ta
VulnCheck
Linux Kernel Out-of-Bounds Read Vulnerability
vulncheck·2024·CVSS 7.1
CVE-2024-53150 [HIGH] CWE-125 Linux Kernel Out-of-Bounds Read Vulnerability
Linux Kernel Out-of-Bounds Read Vulnerability
Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information.
Affected: Linux Kernel
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://source.android.com/docs/security/bulletin/2025-04-01; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.loginsoft.com/reports/annually/vulnerability-intelligence-report-2025
Remediation Due: 2025-04-30
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities
vendor_ubuntu·2025-12-16·CVSS 5.5
CVE-2024-50067 [MEDIUM] Linux kernel (Azure FIPS) vulnerabilities
Title: Linux kernel (Azure FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Hardware monitoring drivers;
- InfiniBand dri
Ubuntu
Linux kernel (Oracle) vulnerabilities
vendor_ubuntu·2025-11-19·CVSS 5.5
CVE-2023-52650 [MEDIUM] Linux kernel (Oracle) vulnerabilities
Title: Linux kernel (Oracle) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Media drivers;
- Ethernet team driver;
- SPI subsystem;
- USB core drivers;
- Framebuf
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu·2025-11-17·CVSS 5.5
CVE-2024-50299 [MEDIUM] Kernel Live Patch Security Notice
Title: Kernel Live Patch Security Notice
Summary: Several security issues were fixed in the kernel.
In the Linux kernel, the following vulnerability has been
resolved: net: atlantic: eliminate double free in error handling logic
Driver has a logic leak in ring data allocation/free, where aq_ring_free
could be called multiple times on same ring, if system is under stress and
got memory allocation error.
In the Linux kernel, the following vulnerability has been
resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size
validation fix similar to that in Commit 50619dbf8db7 ('sctp: add size
validation when walking chunks') is also required in sctp_sf_ootb() to
address a crash reported by syzbot: BUG: KMSAN: uninit-value in
sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712
sct
Ubuntu
Linux kernel (FIPS) vulnerabilities
vendor_ubuntu·2025-11-10·CVSS 5.5
CVE-2025-38617 [MEDIUM] Linux kernel (FIPS) vulnerabilities
Title: Linux kernel (FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Virtio block driver;
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Media drivers;
- Network drivers;
- Ethernet team driver;
- TTY d
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2025-11-07·CVSS 5.5
CVE-2025-38352 [MEDIUM] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestio
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-11-06·CVSS 5.5
CVE-2024-50299 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- TTY drivers;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Co
Ubuntu
Linux kernel (KVM) vulnerabilities
vendor_ubuntu·2025-10-30·CVSS 5.5
CVE-2025-38352 [MEDIUM] Linux kernel (KVM) vulnerabilities
Title: Linux kernel (KVM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Framebuffer layer;
- BTRFS file system;
- Ext4 file system;
- Net
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-10-30·CVSS 5.5
CVE-2023-52574 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Contro
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-10-30·CVSS 7.1
CVE-2024-53150 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
A security issues was discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
- USB sound devices;
(CVE-2024-53150)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTIO
Ubuntu
Linux kernel (FIPS) vulnerabilities
vendor_ubuntu·2025-10-30·CVSS 5.5
CVE-2023-52574 [MEDIUM] Linux kernel (FIPS) vulnerabilities
Title: Linux kernel (FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion
CISA ICS
Siemens Third-Party Components in SINEC OS
cisa_ics·2025-08-14
Siemens Third-Party Components in SINEC OS
ICS Advisory
##
Siemens Third-Party Components in SINEC OS
Release DateAugust 14, 2025
Alert CodeICSA-25-226-07
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Third-Party Components in SINEC OS
- Vulnerabilities: Improper Input Validation, Use After Free, Out-of-bounds Read,
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu·2025-05-29·CVSS 7.8
CVE-2022-0995 [HIGH] Kernel Live Patch Security Notice
Title: Kernel Live Patch Security Notice
Summary: Several security issues were fixed in the kernel.
In the Linux kernel, the following vulnerability has been
resolved: nfsd: fix use-after-free due to delegation race A delegation
break could arrive as soon as we've called vfs_setlease. A delegation break
runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the
delegation to del_recall_lru. If we then exit nfs4_set_delegation without
hashing the delegation, it will be freed as soon as the callback is done
with it, without ever being removed from del_recall_lru. Symptoms show up
later as use-after-free or list corruption warnings, usually in the
laundromat thread. I suspect aba2072f4523 'nfsd: grant read delegations to
clients holding writes' made this bug easier to hit, but
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2025-05-28·CVSS 5.5
CVE-2024-53198 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This upd
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2025-05-28·CVSS 5.5
CVE-2025-21731 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This upd
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2025-05-26
CVE-2024-56551 Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Virtio block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework and drivers;
- Data
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities
vendor_ubuntu·2025-05-20
CVE-2024-57793 Linux kernel (Raspberry Pi Real-time) vulnerabilities
Title: Linux kernel (Raspberry Pi Real-time) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Virtio block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework and driver
Ubuntu
Linux kernel (GCP) vulnerabilities
vendor_ubuntu·2025-04-28·CVSS 7.8
CVE-2024-56631 [HIGH] Linux kernel (GCP) vulnerabilities
Title: Linux kernel (GCP) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- D
Ubuntu
Linux kernel (Azure, N-Series) vulnerabilities
vendor_ubuntu·2025-04-28·CVSS 8.8
CVE-2024-53083 [HIGH] Linux kernel (Azure, N-Series) vulnerabilities
Title: Linux kernel (Azure, N-Series) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rougue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target na
Ubuntu
Linux kernel (IBM) vulnerabilities
vendor_ubuntu·2025-04-24
CVE-2024-40965 Linux kernel (IBM) vulnerabilities
Title: Linux kernel (IBM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsyst
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2025-04-24
CVE-2024-53083 Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware cry
Ubuntu
Linux kernel (IBM) vulnerabilities
vendor_ubuntu·2025-04-24·CVSS 5.5
CVE-2024-53237 [MEDIUM] Linux kernel (IBM) vulnerabilities
Title: Linux kernel (IBM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corre
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu·2025-04-24·CVSS 7.8
CVE-2024-56631 [HIGH] Linux kernel (Intel IoTG) vulnerabilities
Title: Linux kernel (Intel IoTG) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drive
Ubuntu
Linux kernel (Real-time) vulnerabilities
vendor_ubuntu·2025-04-23
CVE-2024-53047 Linux kernel (Real-time) vulnerabilities
Title: Linux kernel (Real-time) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardwa
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-04-23
CVE-2024-53047 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto de
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-04-23
CVE-2024-53083 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-04-23
CVE-2024-53047 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto de
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-04-23
CVE-2024-53047 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto de
CISA
Linux Kernel Out-of-Bounds Read Vulnerability
cisa·2025-04-09·CVSS 7.1
CVE-2024-53150 [HIGH] CWE-125 Linux Kernel Out-of-Bounds Read Vulnerability
Vulnerability: Linux Kernel Out-of-Bounds Read Vulnerability
Affected: Linux Kernel
Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024122427-CVE-2024-53150-3a7d@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53150
Rem
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2025-04-07
CVE-2024-57906 Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsys
Ubuntu
Linux kernel (IoT) vulnerabilities
vendor_ubuntu·2025-04-03·CVSS 6.3
CVE-2024-50006 [MEDIUM] Linux kernel (IoT) vulnerabilities
Title: Linux kernel (IoT) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A loca
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2025-04-02
CVE-2024-53685 Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsyste
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2025-04-01·CVSS 5.5
CVE-2024-53183 [MEDIUM] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corre
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2025-04-01·CVSS 5.5
CVE-2024-53183 [MEDIUM] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corre
Ubuntu
Linux kernel (AWS FIPS) vulnerabilities
vendor_ubuntu·2025-04-01·CVSS 5.5
CVE-2024-53183 [MEDIUM] Linux kernel (AWS FIPS) vulnerabilities
Title: Linux kernel (AWS FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update
Android
CVE-2024-53150: USB
vendor_android·2025-04-01·CVSS 7.1
CVE-2024-53150 [HIGH] CVE-2024-53150: USB
Android Security Bulletin 2025-04-01
CVE: CVE-2024-53150
Severity: HIGH
Type: ID
Component: USB
References: A-382239029
Upstream kernel
[2]
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities
vendor_ubuntu·2025-03-28
CVE-2024-50153 Linux kernel (Xilinx ZynqMP) vulnerabilities
Title: Linux kernel (Xilinx ZynqMP) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block lay
Ubuntu
Linux kernel (FIPS) vulnerabilities
vendor_ubuntu·2025-03-28·CVSS 5.5
CVE-2024-50006 [MEDIUM] Linux kernel (FIPS) vulnerabilities
Title: Linux kernel (FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corr
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-28·CVSS 5.5
CVE-2024-57900 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Cryptographic API;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC driv
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-28·CVSS 5.5
CVE-2024-56633 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects fl
Ubuntu
Linux kernel (FIPS) vulnerabilities
vendor_ubuntu·2025-03-28
CVE-2024-53685 Linux kernel (FIPS) vulnerabilities
Title: Linux kernel (FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsyst
Ubuntu
Linux kernel (Real-time) vulnerabilities
vendor_ubuntu·2025-03-28
CVE-2024-53685 Linux kernel (Real-time) vulnerabilities
Title: Linux kernel (Real-time) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID su
Ubuntu
Linux kernel (NVIDIA Tegra) vulnerabilities
vendor_ubuntu·2025-03-28
CVE-2024-50153 Linux kernel (NVIDIA Tegra) vulnerabilities
Title: Linux kernel (NVIDIA Tegra) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block laye
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-27
CVE-2024-53151 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- M
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-27
CVE-2024-56724 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-28
CVE-2024-47738 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-19
CVE-2024-47738 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- RAM backed block device driver;
- Network block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock fr
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-19
CVE-2024-49996 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
-
Red Hat
kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources
vendor_redhat·2024-12-24·CVSS 7.1
CVE-2024-53150 [HIGH] CWE-125 kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources
kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
The current USB-audio driver code doesn't check bLength of each
descriptor at traversing for clock descriptors. That is, when a
device provides a bogus descriptor with a shorter bLength, the driver
might hit out-of-bounds reads.
For addressing it, this patch adds sanity checks to the validator
functions for the clock descriptor traversal. When the descriptor
length is shorter than expected, it's skipped in the loop.
For the clock source and clock multiplier descriptors, we can just
check bLength against the sizeof() of each descriptor type.
OTOH, the clock selector descriptor of U
Microsoft
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
vendor_msrc·2024-12-10·CVSS 7.8
CVE-2024-53150 [HIGH] ALSA: usb-audio: Fix out of bounds reads when finding clock sources
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: h
Debian
CVE-2024-53150: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-a...
vendor_debian·2024·CVSS 7.1
CVE-2024-53150 [HIGH] CVE-2024-53150: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-a...
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its ta
No detection rules found.
No public exploits indexed.
https://git.kernel.org/stable/c/096bb5b43edf755bc4477e64004fa3a20539ec2fhttps://git.kernel.org/stable/c/45a92cbc88e4013bfed7fd2ccab3ade45f8e896bhttps://git.kernel.org/stable/c/74cb86e1006c5437b1d90084d22018da30fddc77https://git.kernel.org/stable/c/a3dd4d63eeb452cfb064a13862fb376ab108f6a6https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acdhttps://git.kernel.org/stable/c/ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9https://git.kernel.org/stable/c/da13ade87a12dd58829278bc816a61bea06a56a9https://git.kernel.org/stable/c/ea0fa76f61cf8e932d1d26e6193513230816e11dhttps://lists.debian.org/debian-lts-announce/2025/03/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2025/03/msg00002.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53150
2024-12-24
Published
2025-04-09
Added to CISA KEV
Exploited in the wild