CVE-2024-53197
published 2024-12-27

Priority: P2 78 high · CVSS 3.1: 7.8 (AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H)
KEV · ITW
CISA Known Exploited Vulnerability, due 2025-04-30
Exploited in the wild
EPSS: 3.56% (87.9th percentile)
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.
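The description above turns on one detail: bNumConfigurations is read once to size dev->config, and is also the count that later teardown walks, so a value re-read from the device afterwards must never be allowed to exceed the allocation. The following is an added illustration of that pattern in C, not the kernel's code; the struct usb_dev_model and the model_* / apply_new_descriptor_* names are hypothetical stand-ins for the kernel structures and functions the description names.

```c
#include <stdlib.h>

/* Hypothetical model of the relevant fields of a USB device structure
 * (not the kernel's struct usb_device). */
struct usb_dev_model {
    unsigned char bNumConfigurations; /* mirrors descriptor.bNumConfigurations */
    unsigned char allocated_configs;  /* number of config slots actually allocated */
    void **config;                    /* dev->config, sized once at enumeration */
};

/* Allocate dev->config from the descriptor value read at enumeration time,
 * as usb_get_configuration does with the initial bNumConfigurations. */
int model_get_configuration(struct usb_dev_model *dev, unsigned char initial_num)
{
    dev->bNumConfigurations = initial_num;
    dev->allocated_configs = initial_num;
    dev->config = calloc(initial_num, sizeof(*dev->config));
    return dev->config ? 0 : -1;
}

/* Vulnerable pattern: a descriptor re-read from the device (e.g. after a
 * boot quirk) replaces the count without checking it against the allocation.
 * A bogus device can thereby make later teardown walk past dev->config. */
void apply_new_descriptor_unchecked(struct usb_dev_model *dev, unsigned char new_num)
{
    dev->bNumConfigurations = new_num;
}

/* Hardened pattern: refuse a count larger than what was allocated and keep
 * the original, allocation-consistent value. Returns 0 if accepted, -1 if
 * the device-supplied value was rejected. */
int apply_new_descriptor_checked(struct usb_dev_model *dev, unsigned char new_num)
{
    if (new_num > dev->allocated_configs)
        return -1;
    dev->bNumConfigurations = new_num;
    return 0;
}

/* Teardown (cf. usb_destroy_configuration) iterates bNumConfigurations over
 * dev->config; returns 1 if that walk stays within the allocation, else 0. */
int model_destroy_configuration_in_bounds(const struct usb_dev_model *dev)
{
    return dev->bNumConfigurations <= dev->allocated_configs;
}
```

The checked variant is the defensive shape of the fix the advisory names: the count used for iteration can never grow beyond the count used for allocation.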

Affected

38 ranges · showing 25

Vendor | Product      | Version range                                                                                   | Fixed in
debian | debian_linux |                                                                                                 |
debian | linux        | < linux 6.1.123-1 (bookworm)                                                                    | linux 6.1.123-1 (bookworm)
debian | linux-6.1    | < linux 6.1.123-1 (bookworm)                                                                    | linux 6.1.123-1 (bookworm)
google | android      |                                                                                                 |
linux  | linux        |                                                                                                 |
linux  | linux        | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0b4ea4bfe16566b84645ded1403756a2dc4e0f19         | 0b4ea4bfe16566b84645ded1403756a2dc4e0f19
linux  | linux        | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9b8460a2a7ce478e0b625af7c56d444dc24190f7         | 9b8460a2a7ce478e0b625af7c56d444dc24190f7
linux  | linux        | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 62dc01c83fa71e10446ee4c31e0e3d5d1291e865         | 62dc01c83fa71e10446ee4c31e0e3d5d1291e865
linux  | linux        | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9887d859cd60727432a01564e8f91302d361b72b         | 9887d859cd60727432a01564e8f91302d361b72b
linux  | linux        | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 920a369a9f014f10ec282fd298d0666129379f1b         | 920a369a9f014f10ec282fd298d0666129379f1b
linux  | linux        | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b8f8b81dabe52b413fe9e062e8a852c48dd0680d         | b8f8b81dabe52b413fe9e062e8a852c48dd0680d
linux  | linux        | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 379d3b9799d9da953391e973b934764f01e03960         | 379d3b9799d9da953391e973b934764f01e03960
linux  | linux        | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca         | b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca
linux  | linux        | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b909df18ce2a998afef81d58bbd1a05dc0788c40         | b909df18ce2a998afef81d58bbd1a05dc0788c40
linux  | linux_kernel | >= 0 < 5.10.234-1                                                                               | 5.10.234-1
linux  | linux_kernel | >= 0 < 6.1.123-1                                                                                | 6.1.123-1
linux  | linux_kernel | >= 0 < 6.12.3-1                                                                                 | 6.12.3-1
linux  | linux_kernel | >= 0 < 6.12.3-1                                                                                 | 6.12.3-1
linux  | linux_kernel | >= 0 < 5.4.0-211.231                                                                            | 5.4.0-211.231
linux  | linux_kernel | >= 0 < 5.15.0-135.146                                                                           | 5.15.0-135.146
linux  | linux_kernel | >= 0 < 6.8.0-58.60                                                                              | 6.8.0-58.60
linux  | linux_kernel | >= 0 < 6.11.0-18.18                                                                             | 6.11.0-18.18
linux  | linux_kernel | >= 0 < 3.13.0-210.261                                                                           | 3.13.0-210.261
linux  | linux_kernel | >= 0 < 4.4.0-270.304                                                                            | 4.4.0-270.304
linux  | linux_kernel | >= 0 < 4.4.0-278.312                                                                            | 4.4.0-278.312

Detection & IOCs (extracted from sources)

  • CVE-2024-53197 is exploited via a malicious USB device physically connected to the target system, targeting the Linux kernel ALSA USB-audio driver (usb-audio). Detection should focus on anomalous USB device enumeration events, especially devices presenting a bNumConfigurations value that exceeds expected bounds.
  • The vulnerability is in the ALSA usb-audio subsystem; specifically, a bogus device can supply a bNumConfigurations value exceeding the allocation in usb_get_configuration, leading to out-of-bounds access in usb_destroy_configuration. Monitor kernel logs for out-of-bounds access faults in usb-audio or USB configuration handling code paths.
  • Exploitation requires physical access to the target device via USB. Remote exploitation is not indicated; the threat model is limited to scenarios where an adversary can connect a malicious USB audio device.
  • Android OEM patch timelines vary; Google Pixel devices receive patches immediately, but other vendors may lag. Verify that patch level 2025-04-05 or later is applied to confirm remediation on Android devices.
  • Fixes were shared with Android OEM partners in a partner advisory on January 18 (prior to public disclosure), meaning some OEMs may have already shipped patches before the April 2025 bulletin.

CVSS provenance

nvd:           v3.1  7.8  HIGH  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv:                 8.8  HIGH
vulncheck:           7.8  HIGH
cisa:                7.8  HIGH
vendor_ubuntu:       8.8  HIGH
vendor_debian:       7.8  HIGH
vendor_redhat:       7.8  HIGH