CVE DATABASE / CVE-2024-53197

CVE-2024-53197

Linux Kernel Out-of-Bounds Access Vulnerability

CVSS 7.8 · HIGH ⚠ CISA KEV — ACTIVELY EXPLOITED

On the CISA KEV catalog

Confirmed exploited in the wild. Added 2025-04-09. Federal remediation due 2025-04-30.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Summary

In the Linux kernel, the following vulnerability has been resolved:ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devicesA bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config.This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.

CVSS 3.1 breakdown

Base score	7.8 (HIGH)
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector	LOCAL
Attack complexity	LOW
Privileges required	LOW
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-787

Affected products

Linux linux kernelDebian debian linux

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2025-11-04. Always verify against the vendor advisory before acting.