- Description
- In the Linux kernel, the following vulnerability has been resolved:

  ALSA: usb-audio: Fix out of bounds reads when finding clock sources

  The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads.

  For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop.

  For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
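
The length checks named in the description, sketched as an added example (not the kernel's code and not part of this record): a descriptor walk that skips clock descriptors whose bLength is too short for their type. The struct layouts are simplified UAC2-style assumptions with one-byte tail fields, `valid_clock` and `find_clock` are hypothetical names, the sample bytes are constructed, and the clock multiplier and UAC3 variants are left out.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified UAC2-style layouts and constants, assumed for this example. */
enum { CS_INTERFACE = 0x24, CLOCK_SOURCE = 0x0a, CLOCK_SELECTOR = 0x0b };
struct clk_source {
    uint8_t bLength, bDescriptorType, bDescriptorSubtype, bClockID,
            bmAttributes, bmControls, bAssocTerminal, iClockSource;
};
struct clk_selector {
    uint8_t bLength, bDescriptorType, bDescriptorSubtype, bClockID, bNrInPins;
    uint8_t baCSourceID[];   /* followed by bmControls and iClockSelector */
};

/* d[0] bytes are readable (checked by the caller); test bLength before fields. */
static int valid_clock(const uint8_t *d, uint8_t subtype, int id)
{
    const struct clk_selector *sel = (const void *)d;
    size_t need;

    if (subtype == CLOCK_SOURCE)
        need = sizeof(struct clk_source);
    else if (subtype == CLOCK_SELECTOR && d[0] >= sizeof(*sel))
        need = sizeof(*sel) + sel->bNrInPins + 2;  /* array + two tail fields */
    else
        return 0;
    return d[0] >= need && d[3] == id;             /* bClockID is at offset 3 */
}

/* Offset of the first valid descriptor of `subtype` with clock `id`, else -1. */
int find_clock(const uint8_t *buf, size_t len, uint8_t subtype, int id)
{
    size_t off = 0;
    while (len - off >= 2) {
        const uint8_t *d = buf + off;
        if (d[0] < 2 || d[0] > len - off)
            break;                      /* cannot advance safely */
        if (d[0] >= 3 && d[1] == CS_INTERFACE && d[2] == subtype &&
            valid_clock(d, subtype, id))
            return (int)off;
        off += d[0];                    /* too-short descriptors are skipped */
    }
    return -1;
}

/* Constructed sample: bogus selector, valid selector, bogus source, valid source. */
const uint8_t sample[] = { 6, 0x24, 0x0b, 9, 4, 1,  8, 0x24, 0x0b, 9, 1, 3, 0, 0,
                           4, 0x24, 0x0a, 3,        8, 0x24, 0x0a, 3, 1, 0, 0, 0 };

int main(void) { return find_clock(sample, sizeof(sample), CLOCK_SELECTOR, 9) != 6; }
```

The first selector claims four input pins in six bytes and the first clock source is four bytes long; both are passed over, and the walk stops outright when a bLength would run past the end of the buffer.
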
CVSS 3.1
- Type
- Primary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Linux Kernel Out-of-Bounds Read Vulnerability
- Exploit added on
- Apr 9, 2025
- Exploit action due
- Apr 30, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
2. Critical Zero-Day Vulnerabilities in Android Devices. As part of its April 2025 security update, Google fixed 62 vulnerabilities in Android devices. Among them are two critical zero-day vulnerabilities: CVE-2024-53150: to sensitive information without user interaction
@MuratDemirtas
15 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Security: confirmation of active exploitation of the Android flaws CVE-2024-53150 and CVE-2024-53197. https://t.co/QF06wKfW5j
@NicolasCoolman
13 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-53150
@transilienceai
12 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ We added Linux Kernel vulnerabilities CVE-2024-53197 & CVE-2024-53150 to our Known Exploited Vulnerabilities Catalog. Apply mitigations to protect your org from cyberattacks. #InfoSec https://t.co/ROBXiTLbxH
@GlobalCyberCom
10 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added Linux kernel vulnerabilities CVE-2024-53197 and CVE-2024-53150 to its KEV catalog, warning of active exploitation. Learn how these flaws are used in Android device exploits and what steps to take. https://t.co/o9wzJFdW8n
@the_yellow_fall
10 Apr 2025
76 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
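🔨WhatsApp fixes a vulnerability that makes remote code execution easier (CVE-2025-30401) 📱Google fixes two Android zero-day vulnerabilities and also mentions the possibility that they were exploited (CVE-2024-53197, CVE-2024-53150) ~Cyber Alert, April 9~ https://t.co/ohAKKImzR7 #セキュリティ #インテリジェンス #OSINT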
@MachinaRecord
9 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has patched two active Android zero-day vulnerabilities CVE-2024-53197 & CVE-2024-53150 being exploited without user interaction. One flaw was used to unlock a student activist's device to install spyware. Patches are available for Android 13-15, but device-specific ht
@CareWeDoNot
8 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Android Security Alert: Google’s April 2025 update patches 62 flaws, incl. 2 zero-days (CVE-2024-53150 & CVE-2024-53197) actively exploited in the wild. Update to patch level 2025-04-01 or later ASAP. #Android #CyberSecurity #PatchNow https://t.co/veLmeXmMOz
@CloneSystemsInc
8 Apr 2025
82 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Google’s April Android update patches 62 flaws—2 are actively exploited! CVE-2024-53150 & CVE-2024-53197 affect Linux kernel USB, used in real-world attacks. Update ASAP to stay secure. https://t.co/wJIraDfvKm #Android #ZeroDay #CyberSecurity #Google #PatchNow
@dCypherIO
8 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google's April 2025 Android update addresses critical kernel vulnerabilities (CVE-2024-53150, CVE-2024-53197) exploited in attacks. Protect devices with this vital security patch! 🔒📱 #AndroidSecurity #CyberAlerts #USA link: https://t.co/Sj6TbBEPhF https://t.co/BUrqUBA81Q
@TweetThreatNews
8 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has patched 62 vulnerabilities, including two high-severity flaws (CVE-2024-53150 and CVE-2024-53197) actively exploited in the wild. Update Android devices to ensure security! 🔒 #AndroidUpdate #Vulnerabilities #USA link: https://t.co/6dPXMnccMW https://t.co/HLzOsni16n
@TweetThreatNews
8 Apr 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Linux Kernel USB-Audio Driver Out-of-Bounds Read Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-53150 (CVSS v3 7.1/10) Linux Kernel USB-Audio Driver Out-of-Bounds Read Vulnerability Impact: A successful exploit may allow attackers to access
@CyberxtronTech
8 Apr 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Android Zero-Days Patched Google’s April 2025 update fixes 62 vulns, including 2 actively exploited flaws in the USB kernel component: CVE-2024-53150 Info leak CVE-2024-53197 Privilege escalation 🔒 Part of a known exploit chain used in real-world attacks. https://t.co
@CareWeDoNot
8 Apr 2025
77 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📢 Cybersecurity in under 5 minutes 📱 Google fixes two 0-days in Android – CVE-2024-53197 and CVE-2024-53150, one used by Cellebrite, allow privilege escalation and out-of-bounds read in the kernel. 🧩 Malicious extensions in VSCode – More than 300K installations h
@Seifreed
8 Apr 2025
3029 Impressions
18 Retweets
111 Likes
19 Bookmarks
1 Reply
1 Quote
Android fixes two zero-days used by Cellebrite and closes more than 60 critical vulnerabilities Cybersecurity, Android, Android Pixel, cellebrite, CVE-2024-53150, CVE-2024-53197, privilege escalation, exploit, kernel, NoviSpy, patch, Serbia, usb, vuln… https://t.co/ZTpZ0l37PK
@matricedigitale
7 Apr 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53150 Critical Fix for Out-of-Bounds Reads in Linux USB-Audio Drivers In the ... https://t.co/2KNXOsIkHk Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
24 Dec 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2024-53150)[ALSA][usb-audio]OOB reads when finding clock sources https://t.co/fhMSHkISip
@xvonfers
24 Dec 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53150 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver… https://t.co/bxouSUu0Jk
@CVEnew
24 Dec 2024
330 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC7D5C80-B677-4131-A399-3366D7F3961C",
            "versionEndExcluding": "5.4.287"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935",
            "versionEndExcluding": "5.10.231",
            "versionStartIncluding": "5.5"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "419FD073-1517-4FD5-8158-F94BC68A1E89",
            "versionEndExcluding": "5.15.174",
            "versionStartIncluding": "5.11"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09AC6122-E2A4-40FE-9D33-268A1B2EC265",
            "versionEndExcluding": "6.1.120",
            "versionStartIncluding": "5.16"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7",
            "versionEndExcluding": "6.6.64",
            "versionStartIncluding": "6.2"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893",
            "versionEndExcluding": "6.11.11",
            "versionStartIncluding": "6.7"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776",
            "versionEndExcluding": "6.12.2",
            "versionStartIncluding": "6.12"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]