CVE-2024-53061

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-53061

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment.

References
Link Resource
https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a Patch
https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd Patch
https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e Patch
https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51 Patch
https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e Patch
https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51 Patch
https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b Patch
https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*
History

03 Nov 2025, 23:17

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

03 Nov 2025, 21:17

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html -

22 Nov 2024, 17:51

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CWE CWE-191
References () https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a - () https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a - Patch
References () https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd - () https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd - Patch
References () https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e - () https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e - Patch
References () https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51 - () https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51 - Patch
References () https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e - () https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e - Patch
References () https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51 - () https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51 - Patch
References () https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b - () https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b - Patch
References () https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef - () https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef - Patch
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: s5p-jpeg: evitar desbordamientos de búfer La lógica actual permite que word sea menor que 2. Si esto sucede, habrá desbordamientos de búfer, como lo informa smatch. Agregue verificaciones adicionales para evitarlo. Mientras esté aquí, elimine una asignación word = 0 sin usar.
First Time Linux
Linux linux Kernel
CPE cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*

19 Nov 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-19 18:15

Updated : 2025-11-03 23:17

NVD link : CVE-2024-53061

Mitre link : CVE-2024-53061

CVE.ORG link : CVE-2024-53061

JSON object : View

Products Affected

linux

CWE
CWE-191

Integer Underflow (Wrap or Wraparound)