CVE-2024-53197

ENISA EUVD: EUVD-2024-51869 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 4 articles Published: 2024-12-27

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

2.09%

probability

This CVE has a 2.09% probability of being exploited in the next 30 days.

0% Top 84.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.

Affected Products

Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

2.6.12 0 4.19.325 5.4.287 5.10.231 5.15.174

linux

linux kernel

debian

debian linux

Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 <9887d859cd60727432a01564e8f91302d361b72b

Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 <9b8460a2a7ce478e0b625af7c56d444dc24190f7

Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 <b8f8b81dabe52b413fe9e062e8a852c48dd0680d

Linux

patch: 0

Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 <379d3b9799d9da953391e973b934764f01e03960

Linux

patch: 6.6.64

Linux

patch: 5.4.287

Linux

patch: 6.12.2

Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 <b909df18ce2a998afef81d58bbd1a05dc0788c40

Linux

patch: 6.13

Linux

patch: 4.19.325

Linux

patch: 6.11.11

Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 <920a369a9f014f10ec282fd298d0666129379f1b

Linux

patch: 6.1.120

Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 <62dc01c83fa71e10446ee4c31e0e3d5d1291e865

Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 <b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca

Linux

patch: 5.10.231

Linux

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 <0b4ea4bfe16566b84645ded1403756a2dc4e0f19

Linux

2.6.12

Linux

patch: 5.15.174

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Google Project Zero

Discovered

Nov. 20, 2024

Patched

April 1, 2025

Reported by

Benoît Sevens of Google's Threat Analysis Group

Root Cause Analysis

???

https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19

https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7

https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865

https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b

https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b

https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d

Signal Intelligence

Confidenceⓘ

78%

EPSS 2.09%

CVSS v3.1 7.8

Mentions 4

Last Seen Apr 07, 2025

CNA Information

CNA Assigner

Linux

CNA Title

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

Analyst Note

CVE-2024-53197 is confirmed as a legitimate kernel vulnerability affecting USB audio devices, with a HIGH CVSS score (7.8) and documented in Google Project Zero, indicating credible security research. The vulnerability involves a memory safety issue (out-of-bounds access) in ALSA USB audio handling for specific device models, which is a well-understood attack vector in kernel code. While not yet in CISA's KEV catalog, the Google Project Zero attribution and availability of fix patches support the confirmed classification.