CISA Alerts on Actively Exploited Linux Kernel Out-of-Bounds & Read Flaw

The Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts regarding two actively exploited vulnerabilities in the Linux Kernel.

The flaws, tagged as CVE-2024-53197 and CVE-2024-53150, both reside in the USB-audio driver. These vulnerabilities could potentially allow attackers to manipulate system memory, escalate privileges, or access sensitive information.

CVE-2024-53197: Linux Kernel Out-of-Bounds Access Vulnerability

The first vulnerability, CVE-2024-53197, stems from an out-of-bounds access bug in the Linux Kernel’s USB-audio driver.

This flaw can be exploited by an attacker with physical access to a system by utilizing a malicious USB device. The attacker could potentially:

• Manipulate system memory,
• Escalate privileges, or
• Execute arbitrary code on the targeted system.

This vulnerability is linked to CWE-787 (Out-of-Bounds Write) and is classified as critical due to the impact it could have on affected systems.

While no direct evidence has surfaced linking this flaw to ransomware campaigns, CISA urges immediate action.

Organizations must follow the mitigations provided by vendors, adhere to the Binding Operational Directive (BOD) 22-01 for cloud services, or discontinue the use of the product if no mitigation is available.

• Date Added to Known Exploits Catalog: April 9, 2025
• Mitigation Deadline: April 30, 2025

Security teams are advised to prioritize patching systems and ensure that physical access to USB ports is restricted, especially in high-security environments.

CVE-2024-53150: Linux Kernel Out-of-Bounds Read Vulnerability

The second vulnerability, CVE-2024-53150, involves an out-of-bounds read issue in the same USB-audio driver.

Unlike CVE-2024-53197, this flaw is exploitable by a local, privileged attacker who could leverage it to obtain potentially sensitive information, such as system memory details or user credentials.

This vulnerability is associated with CWE-125 (Out-of-Bounds Read). While the exploit does not grant the attacker direct system control, it poses a significant risk of data exposure.

CISA notes that no evidence currently links this vulnerability to ransomware campaigns, but given the sensitive nature of the data that could be exposed, resolving the issue is critical.

• Date Added to Known Exploits Catalog: April 9, 2025
• Mitigation Deadline: April 30, 2025

System administrators are encouraged to deploy vendor-recommended patches or mitigation measures as a priority.

Recommendations for Mitigation

CISA advises all impacted users and administrators to:

1. Apply vendor-provided patches: Vendors have released updates addressing both CVEs. Immediate application is crucial.
2. Follow BOD 22-01 guidance: Ensure compliance with CISA’s operational security directives, particularly for cloud-based services.
3. Restrict USB access: If mitigations cannot be implemented immediately, organizations should consider restricting or monitoring physical access to USB ports.

Failure to address these vulnerabilities by the stipulated date could lead to exploitation attempts, particularly as attackers increasingly target Linux systems with similar flaws.

CISA’s alerts underscore the growing threat landscape surrounding Linux-based systems. Organizations are reminded to maintain robust patch management policies and proactively monitor for signs of exploitation.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!