The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, CVE-2024-53104, to its Known Exploited Vulnerabilities (KEV) Catalog, emphasizing its potential impact on systems worldwide.
This vulnerability, classified as an out-of-bounds write issue, affects the USB Video Class (UVC) driver in the Linux kernel and could lead to privilege escalation, arbitrary code execution, or system crashes.
Details of the Vulnerability
CVE-2024-53104 arises from improper handling of specific video frame types in the uvc_parse_streaming function of the UVC driver. Frames marked as UVC_VS_UNDEFINED were not properly accounted for during buffer size calculations.
This oversight allows attackers to exploit the flaw by feeding malicious data through USB devices, leading to memory corruption and potentially enabling privilege escalation or denial-of-service conditions.
The vulnerability affects Linux kernels from version 2.6.26 (released in 2008) up to versions patched in late 2024.
Severity and Exploitation
Rated with a CVSS score of 7.8 (high severity), this vulnerability is particularly concerning due to its potential for physical exploitation.
Google has reported “limited, targeted exploitation” of this flaw in Android devices, suggesting its use in highly targeted attacks.
While no evidence links it to widespread ransomware campaigns yet, its inclusion in the KEV catalog underscores its significance as a security risk.
Mitigation and Recommendations
CISA advises organizations to prioritize patching systems affected by CVE-2024-53104. The Linux kernel team has released updates addressing the issue in various kernel branches, including versions 4.19.324, 5.4.286, 5.10.230, and newer stable releases.
For Android devices, Google addressed the vulnerability in its February 2025 security update. Users are strongly encouraged to update their devices to patch levels 2025-02-01 or 2025-02-05 immediately.
Organizations should:
- Apply kernel updates provided by vendors.
- Use automated vulnerability management tools to identify and remediate affected systems.
- Monitor for unusual activity that could indicate exploitation attempts.
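As a starting point for identifying affected systems, the sketch below triages `uname -r` strings against the fixed releases named above. It is an added example, not CISA or vendor tooling; the host names, inventory and status labels are constructed, and branches the article does not list are reported as `check-vendor` rather than guessed.

```python
import re

# Fixed releases named in the article, keyed by stable branch (major, minor).
FIXED = {(4, 19): 324, (5, 4): 286, (5, 10): 230}
FIRST_AFFECTED = (2, 6, 26)  # first affected kernel version per the article


def parse_release(release):
    """Turn a `uname -r` string such as '5.10.229-amd64' into (5, 10, 229)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())


def triage(release):
    """Classify one kernel release string for CVE-2024-53104."""
    version = parse_release(release)
    if version < FIRST_AFFECTED:
        return "not-affected"
    fixed_patch = FIXED.get(version[:2])
    if fixed_patch is None:
        # Branch not listed in the article: consult the vendor advisory.
        return "check-vendor"
    return "fixed-upstream" if version[2] >= fixed_patch else "below-fixed"


def report(inventory):
    """Map each host in {host: release} to its triage status."""
    return {host: triage(release) for host, release in inventory.items()}


# Constructed inventory: host names and release strings are sample values.
INVENTORY = {
    "kiosk-01": "4.19.324",
    "build-02": "5.10.229-amd64",
    "legacy-03": "2.6.18-el5",
    "edge-04": "6.1.0-28-amd64",
    "cam-05": "5.4.286",
}

if __name__ == "__main__":
    for host, status in sorted(report(INVENTORY).items()):
        print(f"{host:10} {INVENTORY[host]:18} {status}")
```

Distribution kernels often backport fixes without changing the upstream version number, so a `below-fixed` result on a vendor kernel should be confirmed against that vendor's advisory before it is treated as vulnerable.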