CVE-2024-53150

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 · 3 articles

EPSS Score

Source: FIRST.org · 2026-05-24
This CVE has a 1.12% probability of being exploited in the next 30 days.
Top 78.5th percentile of all CVEs
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.

Description

Project Zero
OOB read in ALSA USB

Attack Intelligence

Google Project Zero

Discovered: Nov. 25, 2024
Patched: April 1, 2025
Reported by: Benoît Sevens of Google's Threat Analysis Group
Root Cause Analysis: ???

Signal Intelligence

Confidence: 78%
EPSS: 1.12%
Mentions: 3
Last Seen: Feb 18, 2026

CNA Information

Analyst Note

This CVE describes a genuine out-of-bounds read vulnerability in the Linux kernel's USB-audio driver caused by insufficient descriptor length validation, with a HIGH CVSS score of 7.1. Confirmation is supported by its inclusion in Google Project Zero's tracking and coverage by reputable security sources, though it currently lacks CISA KEV listing and public exploit evidence.

Threat Actors 3

Hacking Team: apt_group · 🇮🇹 IT
Group 27: apt_group · Information theft and espionage · 🇨🇳 CN
Soft Cell: apt_group · Information theft and espionage · 🇨🇳 CN

Triage Info

Decided at: Mar 03, 2026