CISA Warns of Linux USB-Audio Driver Out-of-Bounds Vulnerability Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) added two significant Linux kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog yesterday, confirming both flaws are being actively weaponized in targeted attacks. Federal agencies have been mandated to patch affected systems by April 30, 2025, as these exploits form part of a sophisticated zero-day chain reportedly used to unlock confiscated Android devices.

These vulnerabilities are reportedly part of a larger exploit chain, including the previously identified CVE-2024-53104, allegedly developed by digital forensics vendor Cellebrite and used by law enforcement agencies to forcibly unlock Android devices. The exploits were discovered during a forensic investigation by Amnesty International’s Security Lab while analyzing logs from devices unlocked by Serbian police.

The USB-audio driver vulnerability affects Linux kernels up to version 6.12.1, particularly those using Extigy and Mbox USB audio devices. Attackers with physical access can exploit it by connecting a malicious USB device, such as a forged audio interface, to trigger out-of-bounds memory accesses. A malicious USB device providing a bNumConfigurations value exceeding the initial allocation in usb_get_configuration leads to memory corruption in usb_destroy_configuration. The vulnerability is addressed in kernel versions 5.15.0-305.176.4.el9uek (Oracle) and 6.12.2. Google’s April 2025 Android security update includes the fix.

CVE-2024-53150 specifically can leak memory content from kernel space to user space. Local attackers with elevated privileges can exploit it to read kernel memory, potentially exposing encryption keys or credentials. Affected systems include Linux kernels from 5.4 to 6.12.1, including Android devices.

Organizations using Linux systems, particularly those with USB peripherals, should apply available patches immediately and consider implementing additional USB device restrictions until systems are fully secured.

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cyber security incidents happening in cyberspace.
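The bNumConfigurations mismatch described in the article, as a simplified user-space model added here: it is not kernel code or the upstream patch, and every struct and function name in it is hypothetical. It shows why teardown must never trust a configuration count larger than the one the array was allocated for, and the check that rejects such a count.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the kernel's USB device structures. */
struct model_config { void *extra; };
struct model_device {
    uint8_t bNumConfigurations;  /* count currently held in the descriptor */
    size_t allocated;            /* entries actually allocated at enumeration */
    struct model_config *config;
};

/* Enumeration: the array is sized from the count the device first reports. */
int model_enumerate(struct model_device *dev, uint8_t reported)
{
    dev->config = calloc(reported, sizeof(*dev->config));
    if (!dev->config)
        return -1;
    dev->allocated = reported;
    dev->bNumConfigurations = reported;
    return 0;
}

/* Hardened descriptor update: a later read from the device (assumed here)
 * may carry a different count; refuse one larger than the allocation. */
int model_refresh_descriptor(struct model_device *dev, uint8_t reread)
{
    if (reread > dev->allocated)
        return -1;  /* teardown would otherwise walk past the array */
    dev->bNumConfigurations = reread;
    return 0;
}

/* Teardown loops over bNumConfigurations, so that field must stay within
 * `allocated`. Returns the number of entries visited. */
size_t model_destroy(struct model_device *dev)
{
    size_t visited = 0;
    for (size_t i = 0; i < dev->bNumConfigurations; i++, visited++)
        free(dev->config[i].extra);
    free(dev->config);
    dev->config = NULL;
    dev->bNumConfigurations = 0;
    return visited;
}

int main(void)
{
    struct model_device d = {0};
    if (model_enumerate(&d, 1) != 0)
        return 1;
    int rejected = model_refresh_descriptor(&d, 4) == -1;  /* constructed oversized count */
    return (model_destroy(&d) == 1 && rejected) ? 0 : 1;
}
```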

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 10 Apr 2025 08:25:10 +0000

