CVE-2024-53104

ENISA EUVD: EUVD-2024-51776 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 9 articles Published: 2024-12-02

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

13.22%

probability

This CVE has a 13.22% probability of being exploited in the next 30 days.

0% Top 94.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

Affected Products

Linux

c0efd232929c2cd87238de2cccdaf4e845be5b0c c0efd232929c2cd87238de2cccdaf4e845be5b0c c0efd232929c2cd87238de2cccdaf4e845be5b0c c0efd232929c2cd87238de2cccdaf4e845be5b0c c0efd232929c2cd87238de2cccdaf4e845be5b0c c0efd232929c2cd87238de2cccdaf4e845be5b0c

Linux

2.6.26 0 4.19.324 5.4.286 5.10.230 5.15.172

debian

debian linux

linux

linux kernel

Linux

patch: 0

Linux

patch: 6.12.1

Linux

patch: 6.6.61

Linux

c0efd232929c2cd87238de2cccdaf4e845be5b0c <95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8

Linux

patch: 5.15.172

Linux

c0efd232929c2cd87238de2cccdaf4e845be5b0c <575a562f7a3ec2d54ff77ab6810e3fbceef2a91d

Linux

patch: 6.13

Linux

c0efd232929c2cd87238de2cccdaf4e845be5b0c <ecf2b43018da9579842c774b7f35dbe11b5c38dd

Linux

patch: 4.19.324

Linux

patch: 6.1.117

Linux

c0efd232929c2cd87238de2cccdaf4e845be5b0c <684022f81f128338fe3587ec967459669a1204ae

Linux

patch: 5.10.230

Linux

c0efd232929c2cd87238de2cccdaf4e845be5b0c <beced2cb09b58c1243733f374c560a55382003d6

Linux

c0efd232929c2cd87238de2cccdaf4e845be5b0c <622ad10aae5f5e03b7927ea95f7f32812f692bb5

Linux

patch: 5.4.286

Linux

2.6.26

Linux

c0efd232929c2cd87238de2cccdaf4e845be5b0c <1ee9d9122801eb688783acd07791f2906b87cb4f

Linux

c0efd232929c2cd87238de2cccdaf4e845be5b0c <467d84dc78c9abf6b217ada22b3fdba336262e29

Linux

c0efd232929c2cd87238de2cccdaf4e845be5b0c <faff5bbb2762c44ec7426037b3000e77a11d6773

Linux

patch: 6.11.8

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Google Project Zero

Discovered

Nov. 7, 2024

Patched

Feb. 1, 2025

Reported by

Benoît Sevens of Google's Threat Analysis Group

Root Cause Analysis

???

https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8

https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae

https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773

https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29

https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6

https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d

Signal Intelligence

Confidenceⓘ

82%

EPSS 13.22%

CVSS v3.1 7.8

Mentions 9

Last Seen Apr 07, 2025

CNA Information

CNA Assigner

Linux

CNA Title

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

Analyst Note

CVE-2024-53104 is confirmed as a real vulnerability in the Linux kernel's uvcvideo driver involving out-of-bounds writes due to improper frame type parsing. The fix has been merged upstream, and the HIGH severity CVSS score (7.8) reflects the potential for memory corruption attacks, supported by multiple credible news sources documenting the issue.