7.8
CVE-2024-53104
- EPSS 3.3%
- Veröffentlicht 02.12.2024 08:15:08
- Zuletzt bearbeitet 04.11.2025 14:36:37
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version11.0
Linux ≫ Linux Kernel Version >= 2.6.26 < 4.19.324
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.286
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.230
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.172
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.117
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.61
Linux ≫ Linux Kernel Version >= 6.7 < 6.11.8
Linux ≫ Linux Kernel Version >= 6.12 < 6.12.1
VulnDex Vulnerability Enrichment
05.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
Linux Kernel Out-of-Bounds Write Vulnerability
SchwachstelleLinux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.3% | 0.869 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4f
https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29
https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d
https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f692bb5
https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae
https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8
https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6
https://git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5c38dd
https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53104
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html