How severe is CVE-2024-53150?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-53150?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2024-53150 - HIGH Severity | CVSS 7.8

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check.

Related Vulnerabilities

CVE-1999-0022

HIGH

CVSS:7.8(High)

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

CWE-1251999

CVE-2014-7825

HIGH

CVSS:7.8(High)

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of servic...

CWE-1252014

CVE-2015-2325

HIGH

CVSS:7.8(High)

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unsp...

CWE-1252015

CVE-2016-10244

HIGH

CVSS:7.8(High)

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buff...

CWE-1252016

CVE-2016-10269

HIGH

CVSS:7.8(High)

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer ...

CWE-1252016

CVE-2016-10270

HIGH

CVSS:7.8(High)

LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and lib...

CWE-1252016