CVE-2024-53197

Published Dec 27, 2024

Last updated 3 days ago

Exploit knownCVSS high 7.8
Linux Kernel

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-53197 is a privilege escalation vulnerability found in the USB sub-component of the Linux kernel. It stems from improper handling of the `bNumConfigurations` value in the ALSA USB audio subsystem, which can lead to out-of-bounds memory accesses. This vulnerability could allow an attacker with physical access to the system, through a malicious USB device, to manipulate system memory, potentially escalating privileges or executing arbitrary code. It has been identified as being exploited in targeted attacks, including being part of an exploit chain used to compromise an Android phone in December 2024.

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Linux Kernel Out-of-Bounds Access Vulnerability
Exploit added on
Apr 9, 2025
Exploit action due
Apr 30, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Google Sécurité, confirmation d’une exploitation active des failles Android CVE-2024-53150 et CVE-2024-53197. https://t.co/QF06wKfW5j

    @NicolasCoolman

    13 Apr 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🛡️ We added Linux Kernel vulnerabilities CVE-2024-53197 & CVE-2024-53150 to our Known Exploited Vulnerabilities Catalog. Apply mitigations to protect your org from cyberattacks. #InfoSec https://t.co/ROBXiTLbxH

    @GlobalCyberCom

    10 Apr 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA has added Linux kernel vulnerabilities CVE-2024-53197 and CVE-2024-53150 to its KEV catalog, warning of active exploitation. Learn how these flaws are used in Android device exploits and what steps to take. https://t.co/o9wzJFdW8n

    @the_yellow_fall

    10 Apr 2025

    76 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🔨WhatsApp、リモートコード実行を容易にする脆弱性を修正(CVE-2025-30401) 📱GoogleがAndroidのゼロデイ脆弱性2件を修正、悪用された可能性についても言及(CVE-2024-53197、CVE-2024-53150) 〜サイバーアラート 4月9日〜 https://t.co/ohAKKImzR7 #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    9 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Google has patched two active Android zero-day vulnerabilities CVE-2024-53197 & CVE-2024-53150 being exploited without user interaction. One flaw was used to unlock a student activist's device to install spyware. Patches are available for Android 13-15, but device-specific ht

    @CareWeDoNot

    8 Apr 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Android Security Alert: Google’s April 2025 update patches 62 flaws, incl. 2 zero-days (CVE-2024-53150 & CVE-2024-53197) actively exploited in the wild. Update to patch level 2025-04-01 or later ASAP. #Android #CyberSecurity #PatchNow https://t.co/veLmeXmMOz

    @CloneSystemsInc

    8 Apr 2025

    82 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Google’s April Android update patches 62 flaws—2 are actively exploited! CVE-2024-53150 & CVE-2024-53197 affect Linux kernel USB, used in real-world attacks. Update ASAP to stay secure. https://t.co/wJIraDfvKm #Android #ZeroDay #CyberSecurity #Google #PatchNow

    @dCypherIO

    8 Apr 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Google's April 2025 Android update addresses critical kernel vulnerabilities (CVE-2024-53150, CVE-2024-53197) exploited in attacks. Protect devices with this vital security patch! 🔒📱 #AndroidSecurity #CyberAlerts #USA link: https://t.co/Sj6TbBEPhF https://t.co/BUrqUBA81Q

    @TweetThreatNews

    8 Apr 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Google has patched 62 vulnerabilities, including two high-severity flaws (CVE-2024-53150 and CVE-2024-53197) actively exploited in the wild. Update Android devices to ensure security! 🔒 #AndroidUpdate #Vulnerabilities #USA link: https://t.co/6dPXMnccMW https://t.co/HLzOsni16n

    @TweetThreatNews

    8 Apr 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 Android Zero-Days Patched Google’s April 2025 update fixes 62 vulns, including 2 actively exploited flaws in the USB kernel component: CVE-2024-53150 Info leak CVE-2024-53197 Privilege escalation 🔒 Part of a known exploit chain used in real-world attacks. https://t.co

    @CareWeDoNot

    8 Apr 2025

    77 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 📢 CiberSeguridad en menos de 5 minutos 📱 Google corrige dos 0-day en Android – CVE-2024-53197 y CVE-2024-53150, una usada por Cellebrite, permiten escalada de privilegios y lectura fuera de límites en el kernel. 🧩 Extensiones maliciosas en VSCode – Más de 300K instalaciones h

    @Seifreed

    8 Apr 2025

    3029 Impressions

    18 Retweets

    111 Likes

    19 Bookmarks

    1 Reply

    1 Quote

  12. 🔥 Google patches 62 security flaws — but 2 were already exploited in the wild. One (CVE-2024-53197) helped hackers break into a Serbian activist’s phone in Dec 2024. 👀 Zero user interaction. Remote takeover. Full story → https://t.co/F1HiWAqbhR

    @TheHackersNews

    8 Apr 2025

    14009 Impressions

    77 Retweets

    140 Likes

    21 Bookmarks

    2 Replies

    1 Quote

  13. Android corregge due zero-day usati da Cellebrite e chiude oltre 60 vulnerabilità critiche Sicurezza Informatica, Android, Android Pixel, cellebrite, CVE-2024-53150, CVE-2024-53197, escalation privilegi, exploit, kernel, NoviSpy, patch, Serbia, usb, vuln… https://t.co/ZTpZ0l37PK

    @matricedigitale

    7 Apr 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. ⚠️ Vulnerability Alert: Android Zero-Day Exploit Chain 📅 Timeline: Disclosure: 2024-02-28, Patch: 2025-02-05 📌 Attribution: Cellebrite, Serbian Police 🆔cveId: CVE-2024-53104,CVE-2024-53197,CVE-2024-50302 📊baseScore: 7.8 📏cvssMetrics:… https://t.co/rgXZ4g9u1I

    @syedaquib77

    28 Feb 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References