[CVE-2024-53104] Linux Kernel Out-of-Bounds Write Vulnerability

SecurityDesk
2025.02.05 00:00 조회 16

CISA KEV 정보

취약점명Linux Kernel Out-of-Bounds Write Vulnerability
설명Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.
조치사항Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
랜섬웨어 캠페인 악용Unknown
CWECWE-787
등록일 (KEV)2025-02-05
조치 기한2025-02-26
추가 참고This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024120232-CVE-2024-53104-d781@gregkh/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-53104

NVD 상세 정보

CVSS v3.1: 7.8 HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

설명: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

CWE: CWE-787 | CWE-787

참조

This product uses the NVD API but is not endorsed or certified by the NVD.



바로 가기

← 목록으로 돌아가기

IT 도구 서랍

→ Unix: 2025-01-15T09:30:00
→ 날짜: 1736934600

→ ASCII: ABC
→ 문자: 65 66 67

ASCII 코드표 — 클릭하면 입력란에 추가

제어 문자 (0–31)

DecHex약어설명

출력 가능 문자 (32–126)

DecHex문자

확장 ASCII (128–255)

DecHex문자

→ 유니코드: 홍길동
→ 문자: \ud64d\uae38\ub3d9