{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53104", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.985Z", "datePublished": "2024-12-02T07:29:27.261Z", "dateUpdated": "2024-12-19T09:39:13.472Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:39:13.472Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/usb/uvc/uvc_driver.c"], "versions": [{"version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8", "status": "affected", "versionType": "git"}, {"version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "684022f81f128338fe3587ec967459669a1204ae", "status": "affected", "versionType": "git"}, {"version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "faff5bbb2762c44ec7426037b3000e77a11d6773", "status": "affected", "versionType": "git"}, {"version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "467d84dc78c9abf6b217ada22b3fdba336262e29", "status": "affected", "versionType": "git"}, {"version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "beced2cb09b58c1243733f374c560a55382003d6", "status": "affected", "versionType": "git"}, {"version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "575a562f7a3ec2d54ff77ab6810e3fbceef2a91d", "status": "affected", "versionType": "git"}, {"version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "622ad10aae5f5e03b7927ea95f7f32812f692bb5", "status": "affected", "versionType": "git"}, {"version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "1ee9d9122801eb688783acd07791f2906b87cb4f", "status": "affected", "versionType": "git"}, {"version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "ecf2b43018da9579842c774b7f35dbe11b5c38dd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/usb/uvc/uvc_driver.c"], "versions": [{"version": "2.6.26", "status": "affected"}, {"version": "0", "lessThan": "2.6.26", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.324", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.286", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.230", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.172", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.117", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.61", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.8", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.1", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8"}, {"url": "https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae"}, {"url": "https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773"}, {"url": "https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29"}, {"url": "https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6"}, {"url": "https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d"}, {"url": "https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f692bb5"}, {"url": "https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4f"}, {"url": "https://git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5c38dd"}], "title": "media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-12-11T14:55:23.173794Z", "id": "CVE-2024-53104", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-11T14:55:26.951Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-53104", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-11T14:55:23.173794Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-11T14:50:56.530Z"}}], "cna": {"title": "media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8", "versionType": "git"}, {"status": "affected", "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "684022f81f128338fe3587ec967459669a1204ae", "versionType": "git"}, {"status": "affected", "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "faff5bbb2762c44ec7426037b3000e77a11d6773", "versionType": "git"}, {"status": "affected", "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "467d84dc78c9abf6b217ada22b3fdba336262e29", "versionType": "git"}, {"status": "affected", "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "beced2cb09b58c1243733f374c560a55382003d6", "versionType": "git"}, {"status": "affected", "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "575a562f7a3ec2d54ff77ab6810e3fbceef2a91d", "versionType": "git"}, {"status": "affected", "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "622ad10aae5f5e03b7927ea95f7f32812f692bb5", "versionType": "git"}, {"status": "affected", "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "1ee9d9122801eb688783acd07791f2906b87cb4f", "versionType": "git"}, {"status": "affected", "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c", "lessThan": "ecf2b43018da9579842c774b7f35dbe11b5c38dd", "versionType": "git"}], "programFiles": ["drivers/media/usb/uvc/uvc_driver.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.26"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.26", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.324", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.286", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.230", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.172", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.117", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.61", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.11.8", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12.1", "versionType": "semver", "lessThanOrEqual": "6.12.*"}, {"status": "unaffected", "version": "6.13-rc1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/media/usb/uvc/uvc_driver.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8"}, {"url": "https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae"}, {"url": "https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773"}, {"url": "https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29"}, {"url": "https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6"}, {"url": "https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d"}, {"url": "https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f692bb5"}, {"url": "https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4f"}, {"url": "https://git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5c38dd"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:39:13.472Z"}}}, "cveMetadata": {"cveId": "CVE-2024-53104", "state": "PUBLISHED", "dateUpdated": "2024-12-19T09:39:13.472Z", "dateReserved": "2024-11-19T17:17:24.985Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-12-02T07:29:27.261Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: uvcvideo: Omitir el an\u00e1lisis de fotogramas de tipo UVC_VS_UNDEFINED en uvc_parse_format Esto puede provocar escrituras fuera de los l\u00edmites, ya que los fotogramas de este tipo no se tuvieron en cuenta al calcular el tama\u00f1o del b\u00fafer de fotogramas en uvc_parse_streaming."}], "id": "CVE-2024-53104", "lastModified": "2024-12-11T15:15:18.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-02T08:15:08.687", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f692bb5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5c38dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format", "id": "2329817", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329817"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming."], "name": "CVE-2024-53104", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53104\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53104\nhttps://lore.kernel.org/linux-cve-announce/2024120232-CVE-2024-53104-d781@gregkh/T"], "threat_severity": "Moderate"}