CVE-2024-53104

CVE Database · CVE-2024-53104

CVE-2024-53104

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

3.30%

Published

Dec 2, 2024

Modified

Nov 4, 2025

CISA Known Exploited Vulnerability

Added: 2025-02-05 · Due: 2025-02-26

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (9)

debian · debian_linuxvulnerable

linux · linux_kernel (up to 4.19.324)vulnerable

linux · linux_kernel (up to 5.4.286)vulnerable

linux · linux_kernel (up to 5.10.230)vulnerable

linux · linux_kernel (up to 5.15.172)vulnerable

linux · linux_kernel (up to 6.1.117)vulnerable

linux · linux_kernel (up to 6.6.61)vulnerable