CVE-2024-53061

HIGH

Linux Kernel < 4.19.324 - Integer Underflow

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment.

References (10)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

[Patch] https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a

[Patch] https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd

[Patch] https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e

[Patch] https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51

[Patch] https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e

[Patch] https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51

[Patch] https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b

[Patch] https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-191

Status published

Products (9)

linux/Kernel 4.20.0 - 5.4.286linux

linux/Kernel 4.4.0 - 4.19.324linux

linux/Kernel 5.11.0 - 5.15.172linux

linux/Kernel 5.16.0 - 6.1.117linux

linux/Kernel 5.5.0 - 5.10.230linux

linux/Kernel 6.2.0 - 6.6.61linux

linux/Kernel 6.7.0 - 6.11.8linux

linux/linux_kernel 6.12 rc1 (6 CPE variants)

linux/linux_kernel 4.4 - 4.19.324

Published Nov 19, 2024

Tracked Since Feb 18, 2026