🟢 CVE-2024-53104

CVE-2024-53104 is a Linux kernel vulnerability in the UVC video driver that causes out-of-bounds writes during USB camera parsing. Despite being in CISA KEV, this is a local privilege escalation vulnerability requiring physical access or malicious USB devices, not an internet-facing service vulnerability.

← Back to Overview
LOW_RISK
Risk Level
7.8
CVSS Score
LOCAL
Attack Vector
Privilege Escalation
ATT&CK Tactic
T1068 — Exploitation for Privilege Escalation
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2024-12-02

Added to CISA KEV: 2025-02-05 65 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-53104 is a significant security vulnerability in the Linux kernel's USB Video Class (UVC) driver, which has been identified as being under active exploitation in the wild [1].

Overview and Impact
  • Vulnerability Type: This is an out-of-bounds (OOB) memory write vulnerability [3].
  • Impact: Successful exploitation allows for privilege escalation, enabling an attacker to execute code with root privileges or crash the system [1] [4].
  • CVSS Score: 7.8 (High) [1].
Exploitation and Threat Actor Usage
  • Active Exploitation: The vulnerability has been confirmed as being actively exploited in the wild [1]. It is included in CISA’s Known Exploited Vulnerabilities (KEV) catalog [2] [3].
  • Targeting: While it is a Linux kernel vulnerability, it primarily impacts Android devices [3]. There is currently no public information detailing specific threat actors, ransomware campaigns, or the specific nature of the targeted attacks associated with this CVE.
  • Requirements: Exploitation generally requires local access to the device and involves video streaming over the UVC driver [3].
Technical Details
  • Root Cause: The issue stems from the `uvc_parse_format` function in the UVC driver, which failed to account for frames of type `UVC_VS_UNDEFINED` when calculating the size of the frames buffer in `uvc_parse_streaming`, leading to an out-of-bounds write [2].
Patch and Mitigation Status
  • Patch Status: The vulnerability was addressed by Google in the February 2025 Android security updates [1] [5].
  • Mitigation: Users are advised to apply the latest security patches provided by their device manufacturers. Because this is a kernel-level issue, ensuring the device is running a patched kernel version is the primary defense.

Sources

  1. Google Patches 47 Android Security Flaws, Including Actively...

    Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel com…

  2. NVD - CVE-2024-53104

    Secure .gov websites use HTTPS A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. ... CVE-2024-53104 Detail. Description. In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip par…

  3. CVE-2024-53104: Are You Really at Risk? | OX Security

    What is CVE-2024-53104? This CVE core issue is an out-of-bounds memory write vulnerability in the Linux kernel's USB Video Class (UVC) driver. ... Is CVE-2024-53104 a critical Linux vulnerability? While listed in CISA’s KEV catalog, it primarily affects Android and requires physical access. Learn if…

  4. CVE-2024-53104 - Exploits & Severity - Feedly

    The advisory patched specific vulnerabilities in the Linux kernel (including issues like CVE-2024-53104 ) that allowed local attackers to crash systems or execute code as root. A more direct check for the specific memory-handling bug involves verifying kernel logs for unusual USB or video buffer err…

  5. Google Releases Android Update to Patch Two Actively Exploited...

    While CVE-2024-53104 was addressed by Google in February 2025, CVE-2024-50302 was remediated last month. With the latest update, all three vulnerabilities have been fixed, effectively plugging the exploit path. There are currently no details on how CVE-2024-53150 has been exploited in real-world att…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed