Vulnerability in Linux
CVE-2024-53150
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock de…
EPSS: 0.011 (78.6th percentile) — read the EPSS interpretation.
Affected products
- Linux — versions 3b17a13b687ae99939dc94a4ae01fbc34f68decc, 6.11.11, 5.4
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Public proof-of-concept exploits
References
- git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd
- git.kernel.org/stable/c/45a92cbc88e4013bfed7fd2ccab3ade45f8e896b
- git.kernel.org/stable/c/ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9
- git.kernel.org/stable/c/da13ade87a12dd58829278bc816a61bea06a56a9
- git.kernel.org/stable/c/74cb86e1006c5437b1d90084d22018da30fddc77
- git.kernel.org/stable/c/ea0fa76f61cf8e932d1d26e6193513230816e11d
- git.kernel.org/stable/c/096bb5b43edf755bc4477e64004fa3a20539ec2f
- git.kernel.org/stable/c/a3dd4d63eeb452cfb064a13862fb376ab108f6a6
Frequently asked questions
- What is CVE-2024-53150?
- CVE-2024-53150 is a vulnerability in Linux. Published 2024-12-24.
- Is CVE-2024-53150 known to be exploited?
- Yes. CVE-2024-53150 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-04-09), indicating it is being actively exploited. 5 public proof-of-concept repositories are indexed.