CVE-2024-53197

Known Exploited
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.24%
KEV Since 
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19 patch
https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7 patch
https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865 patch
https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b patch
https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b patch
https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d patch
https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960 patch
https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca patch
https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40 patch

Frequently Asked Questions

What is the severity of CVE-2024-53197?
CVE-2024-53197 has been scored as a high severity vulnerability.
How to fix CVE-2024-53197?
To fix CVE-2024-53197, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53197 being actively exploited in the wild?
It is confirmed that CVE-2024-53197 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53197?
CVE-2024-53197 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.