7.8
CVE-2024-53104
- EPSS 11.36%
- Veröffentlicht 02.12.2024 08:15:08
- Zuletzt bearbeitet 04.11.2025 14:36:37
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
LoginIn the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version11.0
Linux ≫ Linux Kernel Version >= 2.6.26 < 4.19.324
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.286
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.230
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.172
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.117
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.61
Linux ≫ Linux Kernel Version >= 6.7 < 6.11.8
Linux ≫ Linux Kernel Version >= 6.12 < 6.12.1
05.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
Linux Kernel Out-of-Bounds Write Vulnerability
SchwachstelleLinux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.36% | 0.932 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.