Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.

INFO

Published Date :

2024-12-27T13:49:39.260Z

Last Modified :

2025-11-03T20:47:29.910Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-53197 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
  • Openshift
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Extras Rt Els
  • Rhel Tus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-53197.

URL Resource
https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19 cve-icon cve-icon
https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960 cve-icon cve-icon
https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865 cve-icon cve-icon
https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b cve-icon cve-icon
https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b cve-icon cve-icon
https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7 cve-icon cve-icon
https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca cve-icon cve-icon
https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d cve-icon cve-icon
https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024122725-CVE-2024-53197-6aef@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-53197 cve-icon
https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/ cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53197 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-53197 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact