CVE-2024-53197

CVE-2024-53197 is a Linux kernel vulnerability in the ALSA USB audio driver: a malicious USB device that reports inconsistent descriptor values can cause the kernel to access memory out of bounds. Exploitation requires physically connecting the malicious device, so the CVSS attack vector is Local and the flaw cannot be exploited over the network.

Risk Level: LOW_RISK
CVSS Score: 7.8
Attack Vector: LOCAL
ATT&CK Tactic: Privilege Escalation
ATT&CK Technique: T1068: Exploitation for Privilege Escalation
Deployment Risk: VERY_LOW
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2024-12-27

Added to CISA KEV: 2025-04-09 (103 days between CVE publication and KEV listing)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2024-53197 is a security vulnerability identified in the Linux kernel's USB Audio driver, specifically affecting how it handles certain USB devices [1].

Vulnerability Overview
The flaw is a descriptor-validation problem in the usb-audio driver's handling of Extigy and Mbox devices. The USB core sizes the `dev->config` array from the `bNumConfigurations` value it reads in `usb_get_configuration`. The driver's device-specific handling later reads the device descriptor again, and a bogus device can return a larger `bNumConfigurations` on that second read [2]. Because the array was allocated for the original value, code that later walks `bNumConfigurations` entries, such as `usb_destroy_configuration`, can access memory past the end of the allocation [4].
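To make the descriptor mismatch concrete, the following is an added userspace model in C; it is neither kernel code nor the upstream patch. `model_get_configuration` sizes the config array the way `usb_get_configuration` does, the two `quirk_reread_*` functions stand in for the driver's second descriptor read before and after the fix, and `model_destroy_configuration` walks `bNumConfigurations` entries the way `usb_destroy_configuration` does, but counts the indexes that would fall outside the allocation instead of touching them. The `fake_device` that answers with a different `bNumConfigurations` on its second read is constructed input; the fixed variant's check (read into a local copy, reject a larger value) mirrors the approach of the upstream fix and is stated here as an assumption about the patch, not quoted from it. All names are simplified stand-ins.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified stand-ins for the kernel structures (model only). */
struct usb_device_descriptor { uint8_t bNumConfigurations; };
struct usb_host_config { int id; };
struct usb_device {
    struct usb_device_descriptor descriptor;
    struct usb_host_config *config; /* sized from descriptor.bNumConfigurations */
    size_t config_alloc;            /* bookkeeping for this model only */
};

/* Simulated device: what it reports on the first and on later descriptor reads. */
struct fake_device { uint8_t first_num_configs; uint8_t later_num_configs; int reads; };

static int fake_get_descriptor(struct fake_device *fd, struct usb_device_descriptor *out)
{
    out->bNumConfigurations = (fd->reads++ == 0) ? fd->first_num_configs
                                                 : fd->later_num_configs;
    return 0;
}

/* Models usb_get_configuration(): allocate dev->config from the first read. */
static int model_get_configuration(struct usb_device *dev, struct fake_device *fd)
{
    fake_get_descriptor(fd, &dev->descriptor);
    dev->config_alloc = dev->descriptor.bNumConfigurations;
    dev->config = calloc(dev->config_alloc, sizeof(*dev->config));
    for (size_t i = 0; i < dev->config_alloc; i++)
        dev->config[i].id = (int)i + 1;
    return 0;
}

/* Vulnerable pattern: the second read lands directly in dev->descriptor. */
static void quirk_reread_vulnerable(struct usb_device *dev, struct fake_device *fd)
{
    fake_get_descriptor(fd, &dev->descriptor);
}

/* Fixed pattern: read into a local copy and refuse a larger bNumConfigurations,
 * so dev->descriptor never claims more configs than dev->config holds. */
static int quirk_reread_fixed(struct usb_device *dev, struct fake_device *fd)
{
    struct usb_device_descriptor new_desc;
    fake_get_descriptor(fd, &new_desc);
    if (new_desc.bNumConfigurations > dev->descriptor.bNumConfigurations)
        return -1; /* keep the descriptor that sized dev->config */
    memcpy(&dev->descriptor, &new_desc, sizeof(new_desc));
    return 0;
}

/* Models usb_destroy_configuration(): walks bNumConfigurations entries. Instead
 * of dereferencing past the allocation it counts the indexes that would be
 * out of bounds. Returns that count; 0 means the teardown stayed in bounds. */
static int model_destroy_configuration(struct usb_device *dev)
{
    int oob = 0;
    for (unsigned i = 0; i < dev->descriptor.bNumConfigurations; i++) {
        if (i >= dev->config_alloc) { oob++; continue; } /* would be an OOB access */
        dev->config[i].id = 0;                           /* "free" the entry */
    }
    free(dev->config);
    dev->config = NULL;
    return oob;
}

/* One scenario end to end; returns the number of out-of-bounds accesses the
 * teardown would have performed with the given device behaviour. */
int simulate(uint8_t first, uint8_t later, int fixed)
{
    struct fake_device fd = { first, later, 0 };
    struct usb_device dev;
    memset(&dev, 0, sizeof(dev));
    model_get_configuration(&dev, &fd);
    if (fixed)
        quirk_reread_fixed(&dev, &fd);
    else
        quirk_reread_vulnerable(&dev, &fd);
    return model_destroy_configuration(&dev);
}

int main(void)
{
    printf("honest device, vulnerable code: %d OOB\n", simulate(1, 1, 0));
    printf("bogus device,  vulnerable code: %d OOB\n", simulate(1, 8, 0));
    printf("bogus device,  fixed code:      %d OOB\n", simulate(1, 8, 1));
    return 0;
}
```

The interesting case is `simulate(1, 8, 0)`: the array was allocated for one configuration, the second read claims eight, and the teardown walks seven entries that do not exist. With the check in place the larger value is discarded and the walk stays within the allocation; a device that reports fewer configurations on the second read is still accepted, since that only shortens the walk.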
Exploitation and Impact
  • Attack Method & Requirements: Successful exploitation requires physical access to the target system, because the attacker must connect a malicious USB device to the host [1]. It is not a remote, network-based attack.
  • Active Exploitation & Threat Actors: CISA added the CVE to its Known Exploited Vulnerabilities catalog on 2025-04-09, and KEV inclusion requires reliable evidence of active exploitation, so the flaw has been used in real attacks. No use in ransomware campaigns has been reported as of mid-2026, and any exploitation still needs physical access to the target; it is tracked as a local kernel-level flaw.
  • Impact: Successful exploitation can lead to memory corruption, which may result in a system crash (Denial of Service) or potentially allow for arbitrary code execution with kernel-level privileges, depending on the specific environment and the attacker's ability to manipulate memory layout.
  • Proof-of-Concept: While the nature of the flaw is well-understood by kernel developers, there are no widely publicized, weaponized exploit tools for this specific CVE.
Affected Versions and Mitigation
  • Affected Products: Linux kernels that carry the usb-audio driver's device-specific handling for Extigy and Mbox devices without the fix, including stable branches that had not yet received the backport.
  • Status: The issue is resolved in the Linux kernel. Update to a patched kernel from your distribution's standard security updates [3]; no configuration workaround is described in the sources, so applying the kernel update is the mitigation.

Sources

  1. CVE-2024-53197 - Red Hat Customer Portal: "A vulnerability was found in the Linux kernel's USB Audio driver. This flaw allows an attacker with physical access to the system to use a malicious USB device ..."
  2. NVD - CVE-2024-53197: "In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix pote…"
  3. access.redhat.com/errata/RHSA-2025:2525: "kernel: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (CVE-2024-53197)"
  4. CVE-2024-53197 - Vulnerability Details - OpenCVE: "In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices. A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config."