Vulnerability in Linux Kernel Affects ALSA USB Audio Devices
CVE-2024-53197

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 27 December 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

A vulnerability has been identified in the Linux kernel's ALSA (Advanced Linux Sound Architecture) USB audio driver, specifically in the handling of Extigy and Mbox devices. The issue arises from trusting the bNumConfigurations value, which a malicious device can manipulate: the device can supply a value that exceeds the one initially used for allocation during configuration in usb_get_configuration. Later operations that rely on this value, including usb_destroy_configuration, can then access memory out of bounds, posing risks to system stability and security. Users of affected products should apply the relevant security patches immediately to mitigate potential exploitation.
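The failure mode described in the summary, as an added example that is not part of the original advisory and not the kernel's code: a simplified user-space C model in which a device-reported configuration count sizes an array at enumeration, and a later descriptor re-read is accepted only if that count is unchanged. All names (model_dev, model_enumerate, model_reread_descriptor, model_destroy) are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical model of a USB device record; not a kernel structure. */
struct model_dev {
    uint8_t num_configs;  /* mirrors the device-reported bNumConfigurations */
    size_t  allocated;    /* slots actually allocated at enumeration */
    void  **config;       /* one buffer per configuration */
};

/* Enumeration: the array is sized once, from the count reported at that time. */
int model_enumerate(struct model_dev *d, uint8_t reported)
{
    d->config = calloc(reported ? reported : 1, sizeof(*d->config));
    if (!d->config)
        return -1;
    for (size_t i = 0; i < reported; i++)
        d->config[i] = malloc(16);  /* constructed placeholder payload */
    d->num_configs = reported;
    d->allocated = reported;
    return 0;
}

/* Re-read after a quirk/boot step: a raw descriptor copy overwrites the count,
 * so compare it with the value used for allocation and restore it on mismatch. */
int model_reread_descriptor(struct model_dev *d, uint8_t reported_again)
{
    uint8_t old = d->num_configs;
    d->num_configs = reported_again;
    if (d->num_configs != old) {
        d->num_configs = old;  /* keep the count that matches the allocation */
        return -1;             /* caller should refuse the device */
    }
    return 0;
}

/* Teardown walks num_configs entries; the extra bound keeps it inside the array. */
size_t model_destroy(struct model_dev *d)
{
    size_t freed = 0;
    for (size_t i = 0; i < d->num_configs && i < d->allocated; i++, freed++)
        free(d->config[i]);
    free(d->config);
    d->config = NULL;
    d->num_configs = 0;
    return freed;
}

int main(void)
{
    struct model_dev d;
    if (model_enumerate(&d, 1))
        return 1;
    int rejected = model_reread_descriptor(&d, 4) == -1;  /* constructed: 1 -> 4 */
    return (rejected && model_destroy(&d) == 1) ? 0 : 1;
}
```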

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0b4ea4bfe16566b84645ded1403756a2dc4e0f19

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9b8460a2a7ce478e0b625af7c56d444dc24190f7

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 62dc01c83fa71e10446ee4c31e0e3d5d1291e865

News Articles

Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone

Cellebrite's zero-day exploit bypassed an Android lock screen to access a Serbian activist’s phone. Amnesty links attack to Linux kernel flaws.

1 week ago

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved
