AI description
CVE-2024-53104 is a privilege escalation vulnerability found in the Android kernel's USB Video Class (UVC) driver. This driver is primarily used for handling USB cameras and similar video sources. The vulnerability arises from improper parsing of specially crafted video frames, leading to a memory corruption issue. This could allow an attacker to write to memory locations they shouldn't have access to. Exploitation of this vulnerability could allow for local privilege escalation, potentially enabling a malicious app or specially crafted hardware to gain control of a vulnerable Android device. Google has acknowledged that there are indications of limited, targeted exploitation of this vulnerability. A patch for this vulnerability was incorporated into the open-source kernel at the end of 2024 and is included in the February 2025 Android security update.
- Description: In the Linux kernel, the following vulnerability has been resolved: "media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format". This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
- Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Linux Kernel Out-of-Bounds Write Vulnerability
- Exploit added on: Feb 5, 2025
- Exploit action due: Feb 26, 2025
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
PoC Released for High-Severity Linux Kernel Vulnerability (CVE-2024-53104) https://t.co/ttd3jArFSL
@Cyberkitera
8 Mar 2025
55 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
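A PoC has been released for the high-severity out-of-bounds write vulnerability (CVE-2024-53104) in the Linux kernel's UVC driver. The vulnerability is caused by improperly parsed UVC_VS_UNDEFINED frames, which lead to a buffer-size miscalculation and make it possible to overwrite adjacent memory regions. https://t.co/EZF8NtCXve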
@yousukezan
8 Mar 2025
791 Impressions
4 Retweets
9 Likes
0 Bookmarks
0 Replies
0 Quotes
🔓🔥 PoC for exploiting the out-of-bounds write vulnerability in the Linux kernel: CVE-2024-53104 🧐⚠️ Vulnerability details: 📌 Source: The vulnerability arises from incorrect parsing of UVC_VS_UNDEFINED frames inside the uvc_parse_format function, which can lead to an inaccurate buffer-size calculation and therefore an out-of-bounds memory write. 🛠️
@MahRabie
8 Mar 2025
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53104: Out-Of-Bounds (OOB) Write Vulnerability in the Linux Kernel https://t.co/7BlI0rtUcs Today's 1day1line is an Out-of-Bounds Write vulnerability in the uvc_parse_format function of the USB Video Class (UVC) driver, due to incorrect parsing of an undefined frame type
@hackyboiz
8 Mar 2025
3660 Impressions
11 Retweets
54 Likes
27 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2024-53104
@transilienceai
7 Mar 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
7 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
5 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Serbian activist’s Android phone was unlocked using a zero-day exploit developed by Cellebrite. This attack leveraged a vulnerability in Android USB drivers, enabling attackers to bypass lock screens. CVE-2024-53104 Read Article : https://t.co/2YcVnnvJXf https://t.co/KqhUZS
@cyb3rf034r3ss
4 Mar 2025
1219 Impressions
8 Retweets
36 Likes
16 Bookmarks
2 Replies
1 Quote
#Android #Vulnerability CVE-2024-53104: Critical Zero-Day Vulnerability Patched in February 2025 Android Security Update https://t.co/3XoiNYtf9i
@Komodosec
4 Mar 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
3 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Vulnerability Alert: Android Zero-Day Exploit Chain 📅 Timeline: Disclosure: 2024-02-28, Patch: 2025-02-05 📌 Attribution: Cellebrite, Serbian Police 🆔cveId: CVE-2024-53104,CVE-2024-53197,CVE-2024-50302 📊baseScore: 7.8 📏cvssMetrics:… https://t.co/rgXZ4g9u1I
@syedaquib77
28 Feb 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hello Samsung. This issue, identified as CVE-2024-53104, is a serious vulnerability. Do we have a fix for this already?
@SamsungSWUpdate
18 Feb 2025
1365 Impressions
0 Retweets
22 Likes
1 Bookmark
4 Replies
0 Quotes
CISA KEV alert 25/02/05: Linux Kernel vulnerability CVE-2024-53104 added https://t.co/lmrNIf2nJ5 A Linux Kernel vulnerability has been added to the CISA KEV. An update is available for Android users, so teams that use it should check. #CISAKEV #CVE202453104 #CyberAttack… https://t.co/wbyZOahbkk
@iototsecnews
14 Feb 2025
122 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
13 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Android Kernel zero-day CVE-2024-53104 and others fixed: 48 vulnerabilities patched https://t.co/em91iYZHsF 48 Android vulnerabilities have been fixed, including the zero-day vulnerability CVE-2024-53104. Please take care not to forget to update. #Android #CVE202443047 #CVE202443093… https://t.co/nfGhVQZv8Q
@iototsecnews
13 Feb 2025
65 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
10 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#CISA has ordered federal agencies to #secure their systems within three weeks against a high-severity Linux kernel flaw (CVE-2024-53104) actively exploited in #cyberattacks. #Cybersecurity #infosec https://t.co/4IsNVDbcqp https://t.co/zgL3GZZBkV
@twelvesec
9 Feb 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
9 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
9 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Google releases fix for zero-day flaw in the Android kernel🚨 Google has fixed the CVE-2024-53104 vulnerability in the Android kernel, which allowed privilege escalation by malicious actors. The fix is in the February 2025 security updates. h
@ralph_maxi
8 Feb 2025
109 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
The importance of Android security updates In today's digital world, the security of users' information is one of the top priorities. Recently, in February 2025, Google identified a zero-day vulnerability with the identifier CVE-2024-53104 that allows attackers, by exploiting this flaw in the kernel…
@united4iran
7 Feb 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Happy Friday! This week, we’re highlighting an urgent warning from the U.S. Department of Homeland Security regarding a critical #Linux kernel zero-day vulnerability, CVE-2024-53104. While federal agencies are required to patch within three weeks, CISA strongly urges all… https:/
@vali_cyber
7 Feb 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has released critical security patches addressing 48 vulnerabilities, including a high-risk Android kernel zero-day (CVE-2024-53104) affecting USB Video Class drivers. This flaw can lead to memory corruption and arbitrary code execution.
@maxiujun
7 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 @Google's February 2025 @Android security update is here, patching 46 vulnerabilities - including a critical Linux kernel bug (CVE-2024-53104) that is actively being exploited in the wild. Time to update your device! 📲 #AndroidSecurity #Cybersecurity 🚨
@Eth1calHackrZ
7 Feb 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
7 Feb 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-53104 is now in CISA's KEV. This is a central point around nanos unikernels - why even have this code if you're deploying to a fake virtual machine (eg: the cloud). Where are you going to stick the USB!? https://t.co/SQ0ySlQXlk
@nanovms
6 Feb 2025
145 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
📱Always update It is ESSENTIAL that your devices and applications are always up to date Recently a vulnerability was found in Android (CVE-2024-53104) that affects the Linux kernel and could have been exploited by forensic tools for extraction…
@StarkPrivacy
6 Feb 2025
5488 Impressions
28 Retweets
96 Likes
15 Bookmarks
2 Replies
0 Quotes
🚨 #CVE-2024-53104: #Linux Kernel Vulnerability and Its Implications for Cybersecurity https://t.co/bHtdKdeWsV
@UndercodeNews
6 Feb 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical warning for Linux users: CISA has confirmed active exploitation of a zero-day kernel vulnerability (CVE-2024-53104). Organizations must patch within three weeks to avoid severe risks. Take immediate action to safeguard your systems and prevent potential attacks. https://
@neoupdate_
6 Feb 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A dangerous zero-day vulnerability has been found in Android. #новини #uazmi #технології Google is warning users, in particular owners of the Galaxy S25 and S24, about a critical Android vulnerability. According to Forbes, the issue (CVE-2024-53104) can be used by attackers to… http
@uazminews
6 Feb 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53104 The vulnerability CVE-2024-53104 refers to a security flaw in the #Android kernel that allows an elevation of privilege. This specific vulnerability is located in the kernel's USB Video Class driver, allowing an authenticated, local attacker to perform out of… http
@koodous_project
6 Feb 2025
148 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
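🛑Beware of Android & Netgear vulnerabilities🛑 📱Google's February update fixes CVE-2024-53104, a vulnerability that could allow a device to be taken over via USB. 📶Netgear has also fixed router vulnerabilities that could allow remote takeover. Update now! 🔗https://t.co/PkUtXUmIis #セキュリティ #脆弱性 #対策 https://t.co/V0nAabPjaw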
@stonebeatsec
6 Feb 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
US CISA has added a vulnerability confirmed as exploited to the #KEV catalog. 🛡️No.1258 CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability ============= CVSS score: 7.8 (Base) / CISA-ADP CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Type: Out-of-bounds write (CWE-787 / CISA-ADP)… https://t.co/69Ged2R5O8
@piyokango
6 Feb 2025
4548 Impressions
2 Retweets
16 Likes
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53104
@transilienceai
6 Feb 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA has ordered U.S. federal agencies to patch the critical Linux kernel vulnerability (CVE-2024-53104) by Feb 26, 2025, amid active exploitation. Affects Linux & Android devices. 🔒🐧 #LinuxPatch #CISA #USA link: https://t.co/ri17ok1eOG https://t.co/f825yTkrLu
@TweetThreatNews
5 Feb 2025
31 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 #CISO https://t.co/bfnuIIqZKP https://t.co/7yY9Ua4lgB
@compuchris
5 Feb 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Android security team has released a new patch for 47 vulnerabilities in this operating system. One of the most important vulnerabilities relates to a Linux kernel driver named USB Video Class, which has the identifier CVE-2024-53104 and allows code execution or RCE. https://t.co/Poz3aKY03t
@AmirHossein_sec
5 Feb 2025
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔒 Android Security Update – Feb 2025 🔒 Google patches 46 flaws, including CVE-2024-53104, a Linux kernel bug exploited in targeted attacks, possibly by forensic tools. Update to 2025-02-05 for full security fixes. Wear OS gets 1 fix, none for Android Auto. 📱 Details: 🔗… htt
@dCypherIO
5 Feb 2025
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Urgent Android update! Google released Feb security patch with a zero-day exploit (CVE-2024-53104) being targeted. Update your phone immediately when available. Includes critical fixes and Play Protect enhancements. Rollout depends on manufacturer/carrier. https://t.co/FvwuOWZ1Z0
@Jfreeg_
5 Feb 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Android Security Alert: New USB vulnerability (CVE-2024-53104) under active exploitation allows device takeover through malicious USB connections. Key actions: ✅ Update Android now ✅ Avoid unknown USB devices ✅ Use trusted charging only Details on kernel… https
@cipherprojects
5 Feb 2025
84 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 - https://t.co/8QmfbnlKh0 #thn #infosec
@mwyres
4 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has fixed a previously unknown vulnerability, CVE-2024-53104, in Android related to the Linux kernel. It may have been exploited by forensic data extraction tools used by law enforcement. The fix is included in the "2025-02-05" security patch. #Android #Security #Privacy
@ProgresiveRobot
4 Feb 2025
64 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Google addresses exploited zero-day in February Android security update: CVE-2024-53104 https://t.co/iSUoE54Vzr #izumino_trend
@sec_trend
4 Feb 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Heads up, Android users! Google just dropped a crucial security update, patching 47 flaws. This includes a nasty one (CVE-2024-53104) already being exploited! Update ASAP to stay safe.
@corrinsworld
4 Feb 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Google Fixes Android Zero-Day! 🚨 A critical Android security flaw (CVE-2024-53104) is being exploited! Update your device now to stay protected. 🔒📱 Read more, stay updated! 👇 https://t.co/jZGrOIpNSv #Android #Google #cybersecurity https://t.co/YjG8VpcanD
@GeekFeedNet
4 Feb 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
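⚠️ Urgent notice to all Android users Google has urgently released the February 2025 security update A serious zero-day vulnerability (CVE-2024-53104) affecting all Android versions has now been discovered Actual targeted attacks have been confirmed, and device privileges may be put at risk… https://t.co/IC0s0YEjOS https://t.co/oM0leihx5S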
@TechTrendsJP
4 Feb 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Google Patches Critical Kernel Vulnerability in #Android Devices: #CVE-2024-53104 https://t.co/z9DhbytTpR
@UndercodeNews
4 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Patches 47 Android Security #flaws, Including Actively Exploited #CVE-2024-53104 https://t.co/yrVhBXb7b0
@AdliceSoftware
4 Feb 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 Read More : https://t.co/MJJHP5Szuo https://t.co/I5jHz6Ekei
@techpio_team
4 Feb 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google and Microsoft fix critical vulnerabilities in Android and Azure AI Cybersecurity, security updates, AI, Android, azure, CVE-2024-53104, CVE-2025-21415, Face Service, Google, Microsoft Account, patch, vulnerabilities https://t.co/cBmqDATSPC https://t.co/1noSCK
@matricedigitale
4 Feb 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68D54A7F-73FB-4CC5-AA42-317A87945790",
            "versionEndExcluding": "4.19.324",
            "versionStartIncluding": "2.6.26"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9952C897-8A61-4D4B-9D6D-7D063E9EA15E",
            "versionEndExcluding": "5.4.286",
            "versionStartIncluding": "4.20"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF5B32D0-72C9-41C3-A0BB-D4946153C134",
            "versionEndExcluding": "5.10.230",
            "versionStartIncluding": "5.5"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1",
            "versionEndExcluding": "5.15.172",
            "versionStartIncluding": "5.11"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E",
            "versionEndExcluding": "6.1.117",
            "versionStartIncluding": "5.16"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3",
            "versionEndExcluding": "6.6.61",
            "versionStartIncluding": "6.2"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95",
            "versionEndExcluding": "6.11.8",
            "versionStartIncluding": "6.7"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "822EAD12-FA29-4559-BAC2-8AEFC53F6D37",
            "versionEndExcluding": "6.12.1",
            "versionStartIncluding": "6.12"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]