CVE-2024-53104

Published Dec 2, 2024

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-53104 is a privilege escalation vulnerability found in the Android kernel's USB Video Class (UVC) driver. This driver is primarily used for handling USB cameras and similar video sources. The vulnerability arises from improper parsing of specifically crafted video frames, leading to a memory corruption issue. This could allow an attacker to write to memory locations they shouldn't have access to. Exploitation of this vulnerability could allow for local privilege escalation, potentially enabling a malicious app or specially crafted hardware to gain control of a vulnerable Android device. Google has acknowledged that there are indications of limited, targeted exploitation of this vulnerability. A patch for this vulnerability was incorporated into the open-source kernel at the end of 2024 and is included in the February 2025 Android security update.

Description
In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Linux Kernel Out-of-Bounds Write Vulnerability
Exploit added on: Feb 5, 2025
Exploit action due: Feb 26, 2025
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-787
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. PoC Released for High-Severity Linux Kernel Vulnerability (CVE-2024-53104) https://t.co/ttd3jArFSL

    @Cyberkitera

    8 Mar 2025

    55 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

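  2. A PoC has been released for the high-severity out-of-bounds write vulnerability (CVE-2024-53104) in the Linux kernel's UVC driver. The vulnerability is caused by improperly parsed UVC_VS_UNDEFINED frames, which lead to a buffer size miscalculation and make it possible to overwrite adjacent memory regions. https://t.co/EZF8NtCXve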

    @yousukezan

    8 Mar 2025

    791 Impressions

    4 Retweets

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔓🔥 PoC for exploiting the out-of-bounds write vulnerability in the Linux kernel: CVE-2024-53104 🧐⚠️ Vulnerability details: 📌 Source: the vulnerability arises from incorrect parsing of UVC_VS_UNDEFINED frames within the uvc_parse_format function, which can lead to an inaccurate calculation of the buffer size and consequently an out-of-bounds memory write. 🛠️

    @MahRabie

    8 Mar 2025

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-53104: Out-Of-Bounds (OOB) Write Vulnerability in the Linux Kernel https://t.co/7BlI0rtUcs Today's 1day1line is an Out-of-Bounds Write vulnerability in the uvc_parse_format function of the USB Video Class (UVC) driver, due to incorrect parsing of an undefined frame type

    @hackyboiz

    8 Mar 2025

    3660 Impressions

    11 Retweets

    54 Likes

    27 Bookmarks

    0 Replies

    1 Quote

  5. Actively exploited CVE : CVE-2024-53104

    @transilienceai

    7 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2024-53104

    @transilienceai

    7 Mar 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2024-53104

    @transilienceai

    5 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. A Serbian activist’s Android phone was unlocked using a zero-day exploit developed by Cellebrite. This attack leveraged a vulnerability in Android USB drivers, enabling attackers to bypass lock screens. CVE-2024-53104 Read Article : https://t.co/2YcVnnvJXf https://t.co/KqhUZS

    @cyb3rf034r3ss

    4 Mar 2025

    1219 Impressions

    8 Retweets

    36 Likes

    16 Bookmarks

    2 Replies

    1 Quote

  9. #Android #Vulnerability CVE-2024-53104: Critical Zero-Day Vulnerability Patched in February 2025 Android Security Update https://t.co/3XoiNYtf9i

    @Komodosec

    4 Mar 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Actively exploited CVE : CVE-2024-53104

    @transilienceai

    3 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. ⚠️ Vulnerability Alert: Android Zero-Day Exploit Chain 📅 Timeline: Disclosure: 2024-02-28, Patch: 2025-02-05 📌 Attribution: Cellebrite, Serbian Police 🆔cveId: CVE-2024-53104,CVE-2024-53197,CVE-2024-50302 📊baseScore: 7.8 📏cvssMetrics:… https://t.co/rgXZ4g9u1I

    @syedaquib77

    28 Feb 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Hello Samsung. This issue, identified as CVE-2024-53104, is a serious vulnerability. Do we have a fix for this already?

    @SamsungSWUpdate

    18 Feb 2025

    1365 Impressions

    0 Retweets

    22 Likes

    1 Bookmark

    4 Replies

    0 Quotes

  13. CISA KEV alert 25/02/05: Linux Kernel vulnerability CVE-2024-53104 added https://t.co/lmrNIf2nJ5 A Linux Kernel vulnerability has been added to CISA KEV. An update is available for Android users, so teams that use it should please check. #CISAKEV #CVE202453104 #CyberAttack… https://t.co/wbyZOahbkk

    @iototsecnews

    14 Feb 2025

    122 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Actively exploited CVE : CVE-2024-53104

    @transilienceai

    13 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Android Kernel zero-day CVE-2024-53104 and others fixed: 48 vulnerabilities patched https://t.co/em91iYZHsF 48 Android vulnerabilities have been fixed. The zero-day vulnerability CVE-2024-53104 is among them. Please take care not to forget to update. #Android #CVE202443047 #CVE202443093… https://t.co/nfGhVQZv8Q

    @iototsecnews

    13 Feb 2025

    65 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Actively exploited CVE : CVE-2024-53104

    @transilienceai

    10 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. #CISA has ordered federal agencies to #secure their systems within three weeks against a high-severity Linux kernel flaw (CVE-2024-53104) actively exploited in #cyberattacks. #Cybersecurity #infosec https://t.co/4IsNVDbcqp https://t.co/zgL3GZZBkV

    @twelvesec

    9 Feb 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Actively exploited CVE : CVE-2024-53104

    @transilienceai

    9 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. Actively exploited CVE : CVE-2024-53104

    @transilienceai

    9 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. 🚨 Google releases fix for zero-day flaw in the Android kernel🚨 Google has fixed the vulnerability CVE-2024-53104 in the Android kernel, which allowed privilege escalation by malicious actors. The fix is in the February 2025 security updates. h

    @ralph_maxi

    8 Feb 2025

    109 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. The importance of Android security updates In today's digital world, the security of users' information is one of the main priorities. Recently, in February 2025, Google identified a zero-day vulnerability with the identifier CVE-2024-53104 that allows attackers, by exploiting this flaw in the kernel…

    @united4iran

    7 Feb 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Happy Friday! This week, we’re highlighting an urgent warning from the U.S. Department of Homeland Security regarding a critical #Linux kernel zero-day vulnerability, CVE-2024-53104. While federal agencies are required to patch within three weeks, CISA strongly urges all… https:/

    @vali_cyber

    7 Feb 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Google has released critical security patches addressing 48 vulnerabilities, including a high-risk Android kernel zero-day (CVE-2024-53104) affecting USB Video Class drivers. This flaw can lead to memory corruption and arbitrary code execution.

    @maxiujun

    7 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 1/6 @Google's February 2025 @Android security update is here, patching 46 vulnerabilities - including a critical Linux kernel bug (CVE-2024-53104) that is actively being exploited in the wild. Time to update your device! 📲 #AndroidSecurity #Cybersecurity 🚨

    @Eth1calHackrZ

    7 Feb 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Actively exploited CVE : CVE-2024-53104

    @transilienceai

    7 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. CVE-2024-53104 is now in CISA's KEV. This is a central point around nanos unikernels - why even have this code if you're deploying to a fake virtual machine (eg: the cloud). Where are you going to stick the USB!? https://t.co/SQ0ySlQXlk

    @nanovms

    6 Feb 2025

    145 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 📱Always update It is ESSENTIAL that your devices and applications are always up to date Recently a vulnerability was found in Android (CVE-2024-53104) that affects the Linux kernel and could have been exploited by forensic tools for extraction…

    @StarkPrivacy

    6 Feb 2025

    5488 Impressions

    28 Retweets

    96 Likes

    15 Bookmarks

    2 Replies

    0 Quotes

  28. 🚨 #CVE-2024-53104: #Linux Kernel Vulnerability and Its Implications for Cybersecurity https://t.co/bHtdKdeWsV

    @UndercodeNews

    6 Feb 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Critical warning for Linux users: CISA has confirmed active exploitation of a zero-day kernel vulnerability (CVE-2024-53104). Organizations must patch within three weeks to avoid severe risks. Take immediate action to safeguard your systems and prevent potential attacks. https://

    @neoupdate_

    6 Feb 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. A dangerous zero-day vulnerability has been found in Android. #news #uazmi #technology Google is warning users, in particular owners of the Galaxy S25 and S24, about a critical Android vulnerability. According to Forbes, the issue (CVE-2024-53104) can be used by attackers to… http

    @uazminews

    6 Feb 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. CVE-2024-53104 The vulnerability CVE-2024-53104 refers to a security flaw in the #Android kernel that allows an elevation of privilege. This specific vulnerability is located in the kernel's USB Video Class driver, allowing an authenticated, local attacker to perform out of… http

    @koodous_project

    6 Feb 2025

    148 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

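  32. 🛑Watch out for Android & Netgear vulnerabilities🛑 📱In its February update, Google fixed CVE-2024-53104, a vulnerability that could allow a device to be taken over via USB. 📶Netgear has also fixed router vulnerabilities. They could allow remote takeover. Update now! 🔗https://t.co/PkUtXUmIis #security #vulnerability #countermeasures https://t.co/V0nAabPjaw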

    @stonebeatsec

    6 Feb 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. US CISA has added a vulnerability confirmed as exploited (#KEV) to its catalog. 🛡️No.1258 CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability ============= CVSS score: 7.8 (Base) / CISA-ADP CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Type: out-of-bounds write (CWE-787 / CISA-ADP)… https://t.co/69Ged2R5O8

    @piyokango

    6 Feb 2025

    4548 Impressions

    2 Retweets

    16 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  34. Actively exploited CVE : CVE-2024-53104

    @transilienceai

    6 Feb 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. CISA has ordered U.S. federal agencies to patch the critical Linux kernel vulnerability (CVE-2024-53104) by Feb 26, 2025, amid active exploitation. Affects Linux & Android devices. 🔒🐧 #LinuxPatch #CISA #USA link: https://t.co/ri17ok1eOG https://t.co/f825yTkrLu

    @TweetThreatNews

    5 Feb 2025

    31 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 #CISO https://t.co/bfnuIIqZKP https://t.co/7yY9Ua4lgB

    @compuchris

    5 Feb 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. The Android security team has released a new patch for 47 vulnerabilities in this operating system. One of the most important vulnerabilities relates to a Linux kernel driver named USB Video Class, which has the identifier CVE-2024-53104 and allows code execution, or RCE. https://t.co/Poz3aKY03t

    @AmirHossein_sec

    5 Feb 2025

    34 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🔒 Android Security Update – Feb 2025 🔒 Google patches 46 flaws, including CVE-2024-53104, a Linux kernel bug exploited in targeted attacks, possibly by forensic tools. Update to 2025-02-05 for full security fixes. Wear OS gets 1 fix, none for Android Auto. 📱 Details: 🔗… htt

    @dCypherIO

    5 Feb 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Urgent Android update! Google released Feb security patch with a zero-day exploit (CVE-2024-53104) being targeted. Update your phone immediately when available. Includes critical fixes and Play Protect enhancements. Rollout depends on manufacturer/carrier. https://t.co/FvwuOWZ1Z0

    @Jfreeg_

    5 Feb 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🚨 Critical Android Security Alert: New USB vulnerability (CVE-2024-53104) under active exploitation allows device takeover through malicious USB connections. Key actions: ✅ Update Android now ✅ Avoid unknown USB devices ✅ Use trusted charging only Details on kernel… https

    @cipherprojects

    5 Feb 2025

    84 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  41. Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 - https://t.co/8QmfbnlKh0 #thn #infosec

    @mwyres

    4 Feb 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Google has fixed a previously unknown vulnerability, CVE-2024-53104, in Android related to the Linux kernel. It may have been exploited by forensic data extraction tools used by law enforcement. The fix is included in the "2025-02-05" security patch. #Android #Security #Privacy

    @ProgresiveRobot

    4 Feb 2025

    64 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  43. Google addresses exploited zero-day in February Android security update: CVE-2024-53104 https://t.co/iSUoE54Vzr #izumino_trend

    @sec_trend

    4 Feb 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Heads up, Android users! Google just dropped a crucial security update, patching 47 flaws. This includes a nasty one (CVE-2024-53104) already being exploited! Update ASAP to stay safe.

    @corrinsworld

    4 Feb 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  45. 🚨 Google Fixes Android Zero-Day! 🚨 A critical Android security flaw (CVE-2024-53104) is being exploited! Update your device now to stay protected. 🔒📱 Read more, stay updated! 👇 https://t.co/jZGrOIpNSv #Android #Google #cybersecurity https://t.co/YjG8VpcanD

    @GeekFeedNet

    4 Feb 2025

    26 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

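  46. ⚠️ Urgent notice to all Android users Google has urgently released the February 2025 security update A serious zero-day vulnerability (CVE-2024-53104) affecting all Android versions has now been discovered Real targeted attacks have been confirmed, and device privileges may be at risk… https://t.co/IC0s0YEjOS https://t.co/oM0leihx5S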

    @TechTrendsJP

    4 Feb 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🚨 #Google Patches Critical Kernel Vulnerability in #Android Devices: #CVE-2024-53104 https://t.co/z9DhbytTpR

    @UndercodeNews

    4 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Google Patches 47 Android Security #flaws, Including Actively Exploited #CVE-2024-53104 https://t.co/yrVhBXb7b0

    @AdliceSoftware

    4 Feb 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 Read More : https://t.co/MJJHP5Szuo https://t.co/I5jHz6Ekei

    @techpio_team

    4 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Google and Microsoft fix critical vulnerabilities in Android and Azure AI Cybersecurity, security updates, AI, Android, azure, CVE-2024-53104, CVE-2025-21415, Face Service, Google, Microsoft Account, patch, vulnerabilities https://t.co/cBmqDATSPC https://t.co/1noSCK

    @matricedigitale

    4 Feb 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations