PT-2024-10207 · Linux+9 · Linux Kernel+9

Jeongjun Park

Published

2024-09-14

Updated

2025-11-18

CVE-2024-53156

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.11.0-rc6

Description The issue is related to insufficient verification of conn rsp epid in the htc connect service() function, leading to an array-index-out-of-bounds error. This can cause a denial of service. The error occurs when the index 255 is out of range for the type htc endpoint [22].

Recommendations To resolve the issue, apply the patch that adds a range check for conn rsp epid in htc connect service(). As a temporary workaround, consider restricting access to the vulnerable ath9k driver until the patch is applied.

Exploit

Fix

LPE

RCE

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

ALT-PU-2024-17893

ALT-PU-2025-12647

AZL-54936

AZL-54951

BDU:2025-00536

CVE-2024-53156

DLA-4075-1

DLA-4076-1

INFSA-2025_6966

OESA-2025-1158

OESA-2025-1162

OESA-2025-1286

OPENSUSE-SU-2025_0117-1

OPENSUSE-SU-2025_0153-1

OPENSUSE-SU-2025_0154-1

OPENSUSE-SU-2025_01610-1

OPENSUSE-SU-2025_01611-1

OPENSUSE-SU-2025_01655-1

OPENSUSE-SU-2025_01656-1

OPENSUSE-SU-2025_01663-1

OPENSUSE-SU-2025_01668-1

OPENSUSE-SU-2025_01669-1

OPENSUSE-SU-2025_01672-1

OPENSUSE-SU-2025_01675-1

OPENSUSE-SU-2025_01676-1

OPENSUSE-SU-2025_01677-1

OPENSUSE-SU-2025_01682-1

OPENSUSE-SU-2025_01683-1

OPENSUSE-SU-2025_01692-1

OPENSUSE-SU-2025_0201-1

OPENSUSE-SU-2025_0202-1

OPENSUSE-SU-2025_0203-1

OPENSUSE-SU-2025_0229-1

RHSA-2025:6966

RHSA-2025_6966

SUSE-SU-2025:0117-1

SUSE-SU-2025:0152-1

SUSE-SU-2025:0153-1

SUSE-SU-2025:0154-1

SUSE-SU-2025:01590-1

SUSE-SU-2025:01593-1

SUSE-SU-2025:01598-1

SUSE-SU-2025:01601-1

SUSE-SU-2025:01603-1

SUSE-SU-2025:01610-1

SUSE-SU-2025:01611-1

SUSE-SU-2025:01652-1

SUSE-SU-2025:01655-1

SUSE-SU-2025:01656-1

SUSE-SU-2025:01663-1

SUSE-SU-2025:01668-1

SUSE-SU-2025:01669-1

SUSE-SU-2025:01672-1

SUSE-SU-2025:01675-1

SUSE-SU-2025:01676-1

SUSE-SU-2025:01677-1

SUSE-SU-2025:01682-1

SUSE-SU-2025:01683-1

SUSE-SU-2025:01692-1

SUSE-SU-2025:0201-1

SUSE-SU-2025:0201-2

SUSE-SU-2025:0202-1

SUSE-SU-2025:0203-1

SUSE-SU-2025:0229-1

SUSE-SU-2025:0230-1

SUSE-SU-2025:0231-1

SUSE-SU-2025:0236-1

SUSE-SU-2025:0289-1

SUSE-SU-2025:20165-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20248-1

SUSE-SU-2025:20249-1

SUSE-SU-2025:20339-1

SUSE-SU-2025:20340-1

SUSE-SU-2025:20349-1

SUSE-SU-2025:20351-1

SUSE-SU-2025:20367-1

SUSE-SU-2025:20368-1

SUSE-SU-2025:4123-1

SUSE-SU-2025_0201-1

SUSE-SU-2025_0201-2

SUSE-SU-2025_0202-1

SUSE-SU-2025_0203-1

SUSE-SU-2025_0236-1

USN-7276-1

USN-7277-1

USN-7310-1

USN-7332-1

USN-7332-2

USN-7332-3

USN-7342-1

USN-7344-1

USN-7344-2

USN-7383-1

USN-7383-2

USN-7384-1

USN-7384-2

USN-7385-1

USN-7386-1

USN-7387-1

USN-7387-2

USN-7387-3

USN-7388-1

USN-7389-1

USN-7390-1

USN-7391-1

USN-7392-1

USN-7392-2

USN-7392-3

USN-7392-4

USN-7393-1

USN-7401-1

USN-7403-1

USN-7407-1

USN-7413-1

USN-7421-1

USN-7451-1

USN-7458-1

USN-7459-1

USN-7459-2

USN-7463-1

USN-7468-1

USN-7523-1

USN-7524-1

USN-7539-1

USN-7540-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Hat

Red Os

Suse

Ubuntu

Ath9K

PT-2024-10207 · Linux+9 · Linux Kernel+9

CVE-2024-53156

Weakness Enumeration

Related Identifiers

Affected Products

References · 3258