Vulnerability-Lookup

alsa-2025:3893

Vulnerability from osv_almalinux

Published

2025-04-15 00:00

Modified

2025-04-15 14:21

Summary

Moderate: kernel security update

Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241)
kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (CVE-2024-53150)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:3893	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-53150	REPORT
	https://access.redhat.com/security/cve/CVE-2024-53241	REPORT
	https://bugzilla.redhat.com/2331326	REPORT
	https://bugzilla.redhat.com/2333971	REPORT
	https://errata.almalinux.org/8/ALSA-2025-3893.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bpftool"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-abi-stablelists"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-cross-headers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-headers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools-libs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "perf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-perf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-553.50.1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.  \n\nSecurity Fix(es):  \n\n  * kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241)\n  * kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (CVE-2024-53150)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:3893",
  "modified": "2025-04-15T14:21:27Z",
  "published": "2025-04-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:3893"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-53150"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-53241"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2331326"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2333971"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-3893.html"
    }
  ],
  "related": [
    "CVE-2024-53241",
    "CVE-2024-53150"
  ],
  "summary": "Moderate: kernel security update"
}

CVE-2024-53241 (GCVE-0-2024-53241)

Vulnerability from cvelistv5 – Published: 2024-12-24 09:24 – Updated: 2026-01-05 10:55

Title

x86/xen: don't do PV iret hypercall through hypercall page

Summary

In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/05df6e6cd9a76b778…
	https://git.kernel.org/stable/c/c7b4cfa6213a44fa4…
	https://git.kernel.org/stable/c/fa719857f613fed94…
	https://git.kernel.org/stable/c/82c211ead1ec440db…
	https://git.kernel.org/stable/c/f7c3fdad0a474062d…
	https://git.kernel.org/stable/c/a2796dff62d6c6bfc…

Impacted products

Vendor

Product

Version

Linux

Affected: cdacc1278b12d929f9a053c245ff3d16eb7af9f8 , < 05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5 (git)
Affected: cdacc1278b12d929f9a053c245ff3d16eb7af9f8 , < c7b4cfa6213a44fa48714186dfdf125072d036e3 (git)
Affected: cdacc1278b12d929f9a053c245ff3d16eb7af9f8 , < fa719857f613fed94a79da055b13ca51214c694f (git)
Affected: cdacc1278b12d929f9a053c245ff3d16eb7af9f8 , < 82c211ead1ec440dbf81727e17b03b5e3c44b93d (git)
Affected: cdacc1278b12d929f9a053c245ff3d16eb7af9f8 , < f7c3fdad0a474062d566aae3289d490d7e702d30 (git)
Affected: cdacc1278b12d929f9a053c245ff3d16eb7af9f8 , < a2796dff62d6c6bfc5fbebdf2bee0d5ac0438906 (git)

Linux

Affected: 2.6.27
Unaffected: 0 , < 2.6.27 (semver)
Unaffected: 5.10.232 , ≤ 5.10.* (semver)
Unaffected: 5.15.175 , ≤ 5.15.* (semver)
Unaffected: 6.1.121 , ≤ 6.1.* (semver)
Unaffected: 6.6.67 , ≤ 6.6.* (semver)
Unaffected: 6.12.6 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:48:13.749Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://xenbits.xen.org/xsa/advisory-466.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/12/17/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/12/23/1"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/01/05/1"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/01/05/2"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/xen/xen-asm.S"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5",
              "status": "affected",
              "version": "cdacc1278b12d929f9a053c245ff3d16eb7af9f8",
              "versionType": "git"
            },
            {
              "lessThan": "c7b4cfa6213a44fa48714186dfdf125072d036e3",
              "status": "affected",
              "version": "cdacc1278b12d929f9a053c245ff3d16eb7af9f8",
              "versionType": "git"
            },
            {
              "lessThan": "fa719857f613fed94a79da055b13ca51214c694f",
              "status": "affected",
              "version": "cdacc1278b12d929f9a053c245ff3d16eb7af9f8",
              "versionType": "git"
            },
            {
              "lessThan": "82c211ead1ec440dbf81727e17b03b5e3c44b93d",
              "status": "affected",
              "version": "cdacc1278b12d929f9a053c245ff3d16eb7af9f8",
              "versionType": "git"
            },
            {
              "lessThan": "f7c3fdad0a474062d566aae3289d490d7e702d30",
              "status": "affected",
              "version": "cdacc1278b12d929f9a053c245ff3d16eb7af9f8",
              "versionType": "git"
            },
            {
              "lessThan": "a2796dff62d6c6bfc5fbebdf2bee0d5ac0438906",
              "status": "affected",
              "version": "cdacc1278b12d929f9a053c245ff3d16eb7af9f8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/xen/xen-asm.S"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.175",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.67",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.232",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.175",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.121",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.67",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.6",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: don\u0027t do PV iret hypercall through hypercall page\n\nInstead of jumping to the Xen hypercall page for doing the iret\nhypercall, directly code the required sequence in xen-asm.S.\n\nThis is done in preparation of no longer using hypercall page at all,\nas it has shown to cause problems with speculation mitigations.\n\nThis is part of XSA-466 / CVE-2024-53241."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:55:49.304Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/c7b4cfa6213a44fa48714186dfdf125072d036e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa719857f613fed94a79da055b13ca51214c694f"
        },
        {
          "url": "https://git.kernel.org/stable/c/82c211ead1ec440dbf81727e17b03b5e3c44b93d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7c3fdad0a474062d566aae3289d490d7e702d30"
        },
        {
          "url": "https://git.kernel.org/stable/c/a2796dff62d6c6bfc5fbebdf2bee0d5ac0438906"
        }
      ],
      "title": "x86/xen: don\u0027t do PV iret hypercall through hypercall page",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53241",
    "datePublished": "2024-12-24T09:24:42.212Z",
    "dateReserved": "2024-11-19T17:17:25.026Z",
    "dateUpdated": "2026-01-05T10:55:49.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-53150 (GCVE-0-2024-53150)

Vulnerability from cvelistv5 – Published: 2024-12-24 11:28 – Updated: 2026-01-05 10:55

Title

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a632bdcb359fd8145…
	https://git.kernel.org/stable/c/45a92cbc88e4013bf…
	https://git.kernel.org/stable/c/ab011f7439d9bbfd3…
	https://git.kernel.org/stable/c/da13ade87a12dd588…
	https://git.kernel.org/stable/c/74cb86e1006c5437b…
	https://git.kernel.org/stable/c/ea0fa76f61cf8e932…
	https://git.kernel.org/stable/c/096bb5b43edf755bc…
	https://git.kernel.org/stable/c/a3dd4d63eeb452cfb…

Impacted products

Vendor

Product

Version

Linux

Affected: b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a , < a632bdcb359fd8145e86486ff8612da98e239acd (git)
Affected: b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a , < 45a92cbc88e4013bfed7fd2ccab3ade45f8e896b (git)
Affected: b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a , < ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9 (git)
Affected: b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a , < da13ade87a12dd58829278bc816a61bea06a56a9 (git)
Affected: b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a , < 74cb86e1006c5437b1d90084d22018da30fddc77 (git)
Affected: b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a , < ea0fa76f61cf8e932d1d26e6193513230816e11d (git)
Affected: b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a , < 096bb5b43edf755bc4477e64004fa3a20539ec2f (git)
Affected: b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a , < a3dd4d63eeb452cfb064a13862fb376ab108f6a6 (git)
Affected: 9feeaa50e5b4b0b71259d918a36ecf9059e60796 (git)
Affected: 3b17a13b687ae99939dc94a4ae01fbc34f68decc (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53150",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-09T18:17:06.181809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-04-09",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53150"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:33.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53150"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-04-09T00:00:00.000Z",
            "value": "CVE-2024-53150 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:46:35.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/clock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a632bdcb359fd8145e86486ff8612da98e239acd",
              "status": "affected",
              "version": "b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a",
              "versionType": "git"
            },
            {
              "lessThan": "45a92cbc88e4013bfed7fd2ccab3ade45f8e896b",
              "status": "affected",
              "version": "b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a",
              "versionType": "git"
            },
            {
              "lessThan": "ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9",
              "status": "affected",
              "version": "b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a",
              "versionType": "git"
            },
            {
              "lessThan": "da13ade87a12dd58829278bc816a61bea06a56a9",
              "status": "affected",
              "version": "b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a",
              "versionType": "git"
            },
            {
              "lessThan": "74cb86e1006c5437b1d90084d22018da30fddc77",
              "status": "affected",
              "version": "b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a",
              "versionType": "git"
            },
            {
              "lessThan": "ea0fa76f61cf8e932d1d26e6193513230816e11d",
              "status": "affected",
              "version": "b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a",
              "versionType": "git"
            },
            {
              "lessThan": "096bb5b43edf755bc4477e64004fa3a20539ec2f",
              "status": "affected",
              "version": "b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a",
              "versionType": "git"
            },
            {
              "lessThan": "a3dd4d63eeb452cfb064a13862fb376ab108f6a6",
              "status": "affected",
              "version": "b8e4f1fdfa422398c2d6c47bfb7d1feb3046d70a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "9feeaa50e5b4b0b71259d918a36ecf9059e60796",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3b17a13b687ae99939dc94a4ae01fbc34f68decc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/clock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.84",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.3.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix out of bounds reads when finding clock sources\n\nThe current USB-audio driver code doesn\u0027t check bLength of each\ndescriptor at traversing for clock descriptors.  That is, when a\ndevice provides a bogus descriptor with a shorter bLength, the driver\nmight hit out-of-bounds reads.\n\nFor addressing it, this patch adds sanity checks to the validator\nfunctions for the clock descriptor traversal.  When the descriptor\nlength is shorter than expected, it\u0027s skipped in the loop.\n\nFor the clock source and clock multiplier descriptors, we can just\ncheck bLength against the sizeof() of each descriptor type.\nOTOH, the clock selector descriptor of UAC2 and UAC3 has an array\nof bNrInPins elements and two more fields at its tail, hence those\nhave to be checked in addition to the sizeof() check."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:55:36.776Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd"
        },
        {
          "url": "https://git.kernel.org/stable/c/45a92cbc88e4013bfed7fd2ccab3ade45f8e896b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9"
        },
        {
          "url": "https://git.kernel.org/stable/c/da13ade87a12dd58829278bc816a61bea06a56a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/74cb86e1006c5437b1d90084d22018da30fddc77"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea0fa76f61cf8e932d1d26e6193513230816e11d"
        },
        {
          "url": "https://git.kernel.org/stable/c/096bb5b43edf755bc4477e64004fa3a20539ec2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3dd4d63eeb452cfb064a13862fb376ab108f6a6"
        }
      ],
      "title": "ALSA: usb-audio: Fix out of bounds reads when finding clock sources",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53150",
    "datePublished": "2024-12-24T11:28:50.175Z",
    "dateReserved": "2024-11-19T17:17:24.999Z",
    "dateUpdated": "2026-01-05T10:55:36.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2025:3893

Vulnerability from osv_almalinux

CVE-2024-53241 (GCVE-0-2024-53241)

CVE-2024-53150 (GCVE-0-2024-53150)

Tags

Sightings

Nomenclature