SB20241230114 - Out-of-bounds write in Linux kernel usb
Published: December 30, 2024 Updated: March 3, 2025
Security Bulletin ID
SB20241230114
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2024-53197)
The vulnerability allows a local user to compromise the affected system.
The vulnerability exists due to an out-of-bounds write error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited against Android devices.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19
- https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960
- https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865
- https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b
- https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b
- https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7
- https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca
- https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d
- https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40
- https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/