Exploited
high
7.8
CWE
787
Advisory Published
Updated

CVE-2024-53197: Linux Kernel Out-of-Bounds Access Vulnerability

First published: Fri Dec 27 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel
debian/linux<=5.10.223-1
5.10.234-1
6.1.129-1
6.1.133-1
6.12.21-1
6.12.22-1
debian/linux-6.1
6.1.129-1~deb11u1
Linux Kernel>=2.6.12<4.19.325
Linux Kernel>=4.20<5.4.287
Linux Kernel>=5.5<5.10.231
Linux Kernel>=5.11<5.15.174
Linux Kernel>=5.16<6.1.120
Linux Kernel>=6.2<6.6.64
Linux Kernel>=6.7<6.11.11
Linux Kernel>=6.12<6.12.2

Remedy

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Remedy

https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19

Remedy

https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960

Remedy

https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865

Remedy

https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b

Remedy

https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b

Remedy

https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7

Remedy

https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca

Remedy

https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d

Remedy

https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

  • What is the severity of CVE-2024-53197?

    CVE-2024-53197 has a medium severity rating due to its potential to cause out-of-bound access in certain ALSA usb-audio devices.

  • How do I fix CVE-2024-53197?

    To fix CVE-2024-53197, ensure you update your Linux kernel to the latest version that includes the patch addressing this vulnerability.

  • What software is affected by CVE-2024-53197?

    CVE-2024-53197 affects the Linux Kernel, specifically impacting ALSA usb-audio drivers for Extigy and Mbox devices.

  • What are the potential impacts of CVE-2024-53197?

    The potential impacts of CVE-2024-53197 may include system instability or crashes due to out-of-bounds access in the affected devices.

  • When was CVE-2024-53197 reported?

    CVE-2024-53197 was reported as a vulnerability in the Linux kernel affecting ALSA usb-audio functionality.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203