{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-53104","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-11-19T17:17:24.985Z","datePublished":"2024-12-02T07:29:27.261Z","dateUpdated":"2026-05-11T20:50:54.836Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:50:54.836Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/usb/uvc/uvc_driver.c"],"versions":[{"version":"c0efd232929c2cd87238de2cccdaf4e845be5b0c","lessThan":"95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8","status":"affected","versionType":"git"},{"version":"c0efd232929c2cd87238de2cccdaf4e845be5b0c","lessThan":"684022f81f128338fe3587ec967459669a1204ae","status":"affected","versionType":"git"},{"version":"c0efd232929c2cd87238de2cccdaf4e845be5b0c","lessThan":"faff5bbb2762c44ec7426037b3000e77a11d6773","status":"affected","versionType":"git"},{"version":"c0efd232929c2cd87238de2cccdaf4e845be5b0c","lessThan":"467d84dc78c9abf6b217ada22b3fdba336262e29","status":"affected","versionType":"git"},{"version":"c0efd232929c2cd87238de2cccdaf4e845be5b0c","lessThan":"beced2cb09b58c1243733f374c560a55382003d6","status":"affected","versionType":"git"},{"version":"c0efd232929c2cd87238de2cccdaf4e845be5b0c","lessThan":"575a562f7a3ec2d54ff77ab6810e3fbceef2a91d","status":"affected","versionType":"git"},{"version":"c0efd232929c2cd87238de2cccdaf4e845be5b0c","lessThan":"622ad10aae5f5e03b7927ea95f7f32812f692bb5","status":"affected","versionType":"git"},{"version":"c0efd232929c2cd87238de2cccdaf4e845be5b0c","lessThan":"1ee9d9122801eb688783acd07791f2906b87cb4f","status":"affected","versionType":"git"},{"version":"c0efd232929c2cd87238de2cccdaf4e845be5b0c","lessThan":"ecf2b43018da9579842c774b7f35dbe11b5c38dd","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/media/usb/uvc/uvc_driver.c"],"versions":[{"version":"2.6.26","status":"affected"},{"version":"0","lessThan":"2.6.26","status":"unaffected","versionType":"semver"},{"version":"4.19.324","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.286","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.230","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.172","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.117","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.61","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.11.8","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12.1","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"4.19.324"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.4.286"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.10.230"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.15.172"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.1.117"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.6.61"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.11.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.12.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8"},{"url":"https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae"},{"url":"https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773"},{"url":"https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29"},{"url":"https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6"},{"url":"https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d"},{"url":"https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f692bb5"},{"url":"https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4f"},{"url":"https://git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5c38dd"}],"title":"media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2024-53104","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-04-21T13:29:32.093245Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2025-02-05","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53104"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53104","tags":["government-resource"]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-787","description":"CWE-787 Out-of-bounds Write"}]}],"timeline":[{"time":"2025-02-05T00:00:00.000Z","lang":"en","value":"CVE-2024-53104 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T22:55:34.852Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:29:17.000Z"}}]}}