Advertisements
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Linux kernel vulnerabilities, CVE-2024-53150 and CVE-2024-53197, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are actively exploited in the wild and pose significant risks to affected systems.
CVE-2024-53150: Linux Kernel Out-of-Bounds Read Vulnerability
- Type: Information Disclosure.
- Description:
- This vulnerability is caused by an out-of-bounds read in the Linux kernel, specifically affecting Android systems.
- It allows local attackers to access sensitive data from kernel memory without requiring user interaction.
- Exploitation can lead to the exposure of encryption keys, credentials, or other sensitive information.
- Impact:
- Enables attackers to leak memory content from kernel space to user space, making it a stealthy and effective tool for surveillance or data exfiltration.
- Mitigation:
- Google’s April 2025 Android security update includes patches for this vulnerability.
- Organizations should apply the latest kernel updates and monitor systems for signs of compromise.
CVE-2024-53197: Linux Kernel Out-of-Bounds Access Vulnerability
- Type: Local Privilege Escalation.
- Description:
- This vulnerability is an out-of-bounds access bug found in the USB-audio driver for ALSA (Advanced Linux Sound Architecture) devices in the Linux kernel.
- Exploitation allows attackers to escalate privileges locally by connecting a malicious USB device.
- Impact:
- Grants attackers elevated privileges, enabling them to compromise Android systems connected to USB devices.
- Part of a sophisticated zero-day exploit chain used to unlock confiscated Android devices.
- Mitigation:
- Apply Google’s April 2025 Android security update, which addresses this vulnerability.
- Disable USB device access on sensitive systems where possible and monitor for unusual USB activity.
Exploitation Context
- These vulnerabilities are part of a zero-day exploit chain allegedly developed by Cellebrite, a digital forensics vendor, and used by Serbian law enforcement to unlock confiscated Android devices.
- The exploit chain includes other vulnerabilities such as:
- CVE-2024-53104: USB Video Class zero-day (patched in February 2025).
- CVE-2024-50302: Human Interface Device (HID) zero-day (patched in March 2025).
CISA Recommendations
Patch Systems:
- Federal Civilian Executive Branch (FCEB) agencies are required to patch systems affected by these vulnerabilities by April 30, 2025, under Binding Operational Directive (BOD) 22-01.
- All organizations are strongly urged to prioritize remediation as part of their vulnerability management practices.
Monitor for Exploitation:
- Deploy advanced monitoring tools to detect unauthorized access or unusual activity related to USB devices and kernel memory.
Enhance Security Posture:
- Implement endpoint protection solutions and restrict USB device access on critical systems.
