CVE-2024-53104

Updated: 2025-02-09 04:25:17.848119

Description:

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Known exploits

Added Date Description Due Date Notes
2025-02-05 Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege. 2025-02-26 This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024120232-CVE-2024-53104-d781@gregkh/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-53104

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1742806909 2025-03-25 03:28:27
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH Released CLSA-2025:1740142183 2025-02-22 01:12:56
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1739292069 2025-02-26 21:50:34
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2025:1740075135 2025-03-04 21:55:31
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1739525834 2025-02-14 23:51:15
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1739525795 2025-02-14 23:51:16
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1740071073 2025-02-21 06:36:54
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Ignored 2025-02-26 07:09:56
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Ignored 2025-02-26 07:09:55
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2025:1739352814 2025-02-13 01:18:47
Total: 14