Updated: 2025-11-19 03:54:19.343901
Description:
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.

Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.8 |

| Added Date | Description | Due Date | Notes |
|---|---|---|---|
| 2025-04-09 | Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code. | 2025-04-30 | This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024122725-CVE-2024-53197-6aef@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53197 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.8 | MEDIUM | Ignored | | 2025-05-07 04:16:34 | This flaw is only reachable when a USB audio device that identifies as a Creative Extigy or Digidesi... |
| CentOS 7 ELS | kernel | 3.10.0 | 5.8 | MEDIUM | Released | CLSA-2025:1747260502 | 2025-05-28 00:30:36 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 5.8 | MEDIUM | Released | CLSA-2025:1747688514 | 2025-05-21 01:45:05 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 5.8 | MEDIUM | Released | CLSA-2025:1747688831 | 2025-05-21 01:45:06 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 5.8 | MEDIUM | Released | CLSA-2025:1747688581 | 2025-05-21 01:45:04 | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 5.8 | MEDIUM | Ignored | | 2025-10-31 01:01:50 | |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 5.8 | MEDIUM | Released | CLSA-2025:1747251218 | 2025-05-16 13:01:01 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 5.8 | MEDIUM | Ignored | | 2025-12-24 05:07:33 | |
| RHEL 7 ELS | kernel | 3.10.0 | 5.8 | MEDIUM | Released | CLSA-2025:1750353839 | 2025-06-20 00:27:28 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 5.8 | MEDIUM | Released | CLSA-2025:1753083310 | 2025-07-22 00:49:33 | |