CVE-2024-53104
Confirmed PUBLISHEDmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
Recommended Action
Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
At a Glance
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
- CVE Published
- Dec 02, 2024
- Exploitation Reported
- Feb 05, 2025
- CVSS
- 7.8 High
- EPSS
- 3.3%
Affected Versions
| Vendor | Product | Version | Status |
|---|---|---|---|
| Linux |
Linux
|
c0efd232929c2cd87238de2cccdaf4e845be5b0c to < 95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8 |
Affected |
| Linux |
Linux
|
c0efd232929c2cd87238de2cccdaf4e845be5b0c to < 684022f81f128338fe3587ec967459669a1204ae |
Affected |
| Linux |
Linux
|
c0efd232929c2cd87238de2cccdaf4e845be5b0c to < faff5bbb2762c44ec7426037b3000e77a11d6773 |
Affected |
| Linux |
Linux
|
c0efd232929c2cd87238de2cccdaf4e845be5b0c to < 467d84dc78c9abf6b217ada22b3fdba336262e29 |
Affected |
| Linux |
Linux
|
c0efd232929c2cd87238de2cccdaf4e845be5b0c to < beced2cb09b58c1243733f374c560a55382003d6 |
Affected |
| Linux |
Linux
|
c0efd232929c2cd87238de2cccdaf4e845be5b0c to < 575a562f7a3ec2d54ff77ab6810e3fbceef2a91d |
Affected |
| Linux |
Linux
|
c0efd232929c2cd87238de2cccdaf4e845be5b0c to < 622ad10aae5f5e03b7927ea95f7f32812f692bb5 |
Affected |
| Linux |
Linux
|
c0efd232929c2cd87238de2cccdaf4e845be5b0c to < 1ee9d9122801eb688783acd07791f2906b87cb4f |
Affected |
| Linux |
Linux
|
c0efd232929c2cd87238de2cccdaf4e845be5b0c to < ecf2b43018da9579842c774b7f35dbe11b5c38dd |
Affected |
| Linux |
Linux
|
2.6.26 |
Affected |
| Linux |
Linux
|
0 to < 2.6.26 |
Unaffected |
| Linux |
Linux
|
4.19.324 to <= 4.19.* |
Unaffected |
| Linux |
Linux
|
5.4.286 to <= 5.4.* |
Unaffected |
| Linux |
Linux
|
5.10.230 to <= 5.10.* |
Unaffected |
| Linux |
Linux
|
5.15.172 to <= 5.15.* |
Unaffected |
| Linux |
Linux
|
6.1.117 to <= 6.1.* |
Unaffected |
| Linux |
Linux
|
6.6.61 to <= 6.6.* |
Unaffected |
| Linux |
Linux
|
6.11.8 to <= 6.11.* |
Unaffected |
| Linux |
Linux
|
6.12.1 to <= 6.12.* |
Unaffected |
| Linux |
Linux
|
6.13 to <= * |
Unaffected |
CVE References
- git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a... git.kernel.org · CVE Record https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8
- git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1... git.kernel.org · CVE Record https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae
- git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11... git.kernel.org · CVE Record https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773
- git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba3362... git.kernel.org · CVE Record https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29
- git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382... git.kernel.org · CVE Record https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6
Show 4 more references
- git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef... git.kernel.org · CVE Record https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d
- git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f6... git.kernel.org · CVE Record https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f692bb5
- git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b8... git.kernel.org · CVE Record https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4f
- git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5... git.kernel.org · CVE Record https://git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5c38dd
Recommended Actions
- Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
- Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
- Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.
Known Exploited Vulnerability Sources
Catalogues that list this CVE as a known exploited vulnerability.
Per-source evidence links for KEV attestations are available through the KEVIntel Pro API.
Learn about Pro API access| Source | Added |
|---|---|
| CISA First | 2025-02-05 00:00 UTC |
| CVE | 2026-06-05 09:42 UTC |
No detection artifacts or sensor request patterns are available for this CVE yet.
Check back as sensor telemetry and scanner integrations are updated.
Virtual Patch
Compensating WAF rules to help reduce exposure to this CVE. Rule content and deployable vendor exports are available with KEVIntel Enterprise.
KEVIntel does not currently have a virtual patch for this CVE. When available, KEVIntel virtual patches ship as deployable ModSecurity, Cloudflare, and AWS WAF rules.
Enterprise feature. Virtual patch rule content and deployable vendor exports (ModSecurity, Cloudflare, AWS WAF) are available to KEVIntel Enterprise users.
CVSS Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
Exploited in the wild
Recorded 2025-02-05 00:00:00 UTC · CISA
Weaknesses (CWE)
-
Out-of-bounds Write
Scanner Integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nessus | https://www.tenable.com/plugins/nessus/237432 | Jun 02, 2025 |
Recent Mentions
Google Threat Intelligence · Apr 29, 2025
Written by: Casey Charrier, James Sadowski, Clement Lecigne, Vlad Stolyarov Executive Summary Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances. Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection. We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts. For a deeper look at the trends discussed in this report, along with recommendations for defenders, register for our upcoming zero-day webinar. Scope This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that…
Timeline
Key exploitation, disclosure, scanner coverage, and KEV attestation events for this CVE.
-
09:42 UTC about 1 month ago09:42 UTC · about 1 month ago
KEV confirmed by CVE
Exploitation attested by an external source
-
09:25 UTC about 1 year ago09:25 UTC · about 1 year ago
Nessus plugin available
Scanner coverage available
-
00:00 UTC over 1 year ago00:00 UTC · over 1 year ago
Added to CISA KEV
Listed in the CISA Known Exploited Vulnerabilities catalog
-
07:29 UTC over 1 year ago07:29 UTC · over 1 year ago
CVE published
Vulnerability disclosed publicly
-
17:17 UTC over 1 year ago17:17 UTC · over 1 year ago
CVE ID reserved
Identifier reserved by the CNA
Automate This Intelligence with the Pro API
Confidence scoring, exploit status, sensor telemetry, PoCs, scanner integrations, mentions, and tags are available programmatically for VM, SOC, and CTI workflows.
Pro API Example
GET /api/v2/pro/kevs/CVE-2024-53104
{
"cve_id": "CVE-2024-53104",
"title": "media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_fo...",
"affected_vendor": "Linux",
"affected_product": "Linux",
"affected_versions": [
{ "vendor": "...", "product": "...", "status": "affected", "display_label": "..." }
],
"confidence": "Confirmed",
"cvss_score": 7.8,
"epss_score": 0.03301,
"exploit_status": {
"exploited_in_the_wild": true,
"active_exploitation_observed": false
},
"sensor_telemetry": { "...": "Pro API fields" },
"proof_of_concepts": [ "..." ],
"scanner_integrations": [ "..." ]
}