CVE-2024-53197: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

N/A CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

A bogus device can provide a bNumConfigurations value that exceeds the
initial value used in usb_get_configuration for allocating dev->config.

This can lead to out-of-bounds accesses later, e.g. in
usb_destroy_configuration.

🚨 Marked as known exploited on April 8th, 2025 (about 1 month ago).

CVSS Base Severity:

CVSS Base Score:

CVSS Vector:

Vendor: Linux

Product: Linux

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 15.26% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

2024-12-28 00:30:47 UTC
CVE

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
2025-03-06 09:45:29 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-53197
2025-04-08 01:15:25 UTC
CyberInsider

Google Patches Actively Exploited Android Zero-Day Vulnerabilities
2025-04-08 01:16:41 UTC
🚨 Marked as Known Exploited
2025-04-09 18:30:17 UTC
CISA KEV

Linux Kernel Out-of-Bounds Access Vulnerability
2025-04-09 19:30:36 UTC
All CISA Advisories

CISA Adds Two Known Exploited Vulnerabilities to Catalog