PT-2024-10201 · Linux+11 · Linux Kernel+11

Benoît Sevens

·

Published

2024-11-19

·

Updated

2025-12-16

·

CVE-2024-53150

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The vulnerability is related to out-of-bounds reads in the Linux kernel's USB Audio driver. The current USB-audio driver code does not check the bLength of each descriptor when traversing for clock descriptors, which can lead to out-of-bounds reads if a device provides a bogus descriptor with a shorter bLength. This issue can be exploited by an attacker with physical access to the system, allowing them to gain additional access by reading arbitrary system memory. The vulnerability can also lead to local information disclosure with no additional execution privileges needed.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2025:3893
ALSA-2025:3894
ALSA-2025:3937
ALT-PU-2024-17893
ALT-PU-2025-12647
ASB-A-382239029
AZL-54990
AZL-54996
BDU:2025-00530
CESA-2025_3893
CESA-2025_3894
CVE-2024-53150
DLA-4075-1
DLA-4076-1
INFSA-2025_3893
INFSA-2025_3894
INFSA-2025_3937
LSN-0112-1
LSN-0116-1
OESA-2025-1014
OESA-2025-1015
OESA-2025-1016
OESA-2025-1067
OESA-2025-1078
OESA-2025-1079
OPENSUSE-SU-2025_0117-1
OPENSUSE-SU-2025_0153-1
OPENSUSE-SU-2025_0154-1
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0229-1
RHSA-2025:3827
RHSA-2025:3832
RHSA-2025:3838
RHSA-2025:3839
RHSA-2025:3861
RHSA-2025:3871
RHSA-2025:3880
RHSA-2025:3887
RHSA-2025:3888
RHSA-2025:3889
RHSA-2025:3893
RHSA-2025:3894
RHSA-2025:3901
RHSA-2025:3903
RHSA-2025:3931
RHSA-2025:3935
RHSA-2025:3937
RHSA-2025_3893
RHSA-2025_3894
RHSA-2025_3937
SUSE-SU-2025:0117-1
SUSE-SU-2025:0153-1
SUSE-SU-2025:0154-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0229-1
SUSE-SU-2025:0236-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2
SUSE-SU-2025_0236-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1
USN-7850-1
USN-7853-1
USN-7853-2
USN-7853-3
USN-7854-1
USN-7863-1
USN-7865-1
USN-7875-1
USN-7937-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu