CISA Updates Known Exploited Vulnerabilities Catalog with Critical Linux Kernel Flaws
CISA has updated its Known Exploited Vulnerabilities catalog to include critical Linux Kernel flaws, highlighting the importance of timely patching and security measures.
TL;DR
CISA has added two critical Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities catalog, emphasizing the need for immediate action by federal agencies and private organizations to mitigate potential risks.
Main Content
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog to include two critical Linux Kernel flaws, identified as CVE-2024-53197 and CVE-2024-53150.
Vulnerability Details
- CVE-2024-53197
  - CVSS Score: 7.8
  - Description: This vulnerability affects the Linux kernel’s ALSA USB-audio driver for Extigy and Mbox devices. Incorrect handling of USB configuration data can lead to out-of-bounds memory access, potentially causing memory corruption or system instability. Specifically, the issue arises when the bNumConfigurations field provided by connected USB devices exceeds the allocated configuration space in memory.
  - Mitigation: The flaw has been addressed by validating the configuration count before use, ensuring the kernel does not access memory outside the allocated region.
- CVE-2024-53150
  - CVSS Score: 7.8
  - Description: This vulnerability also targets the Linux kernel’s ALSA USB-audio driver. The driver fails to validate the bLength field in USB audio clock descriptors during traversal, allowing a malicious or misconfigured USB device to supply a descriptor with a shorter-than-expected bLength, potentially leading to out-of-bounds reads.
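Both flaws come down to trusting a length or count that the USB device itself supplies. The following added example (not kernel code, and not taken from the article or the upstream fixes) shows the defensive pattern behind both mitigations in a simplified, user-space form: a descriptor walker that checks bLength against the header size, the remaining buffer, and the size of the descriptor it is about to read, plus a configuration-index check that clamps bNumConfigurations to what was actually allocated. The descriptor layout, the subtype value, CLOCK_DESC_MIN_LEN, MAX_CONFIGS, the function names and all sample byte blobs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Every USB descriptor starts with this two-byte header. */
struct usb_desc_header {
    uint8_t bLength;         /* total size of this descriptor in bytes */
    uint8_t bDescriptorType;
};

#define USB_DT_INTERFACE    0x04
#define USB_DT_CS_INTERFACE 0x24  /* class-specific interface descriptor */

/* Constructed for this example: the clock descriptor is assumed to need at
 * least 8 bytes (header, subtype, clock ID, attributes, controls, associated
 * terminal, string index) before any of its fields may be read. */
#define CLOCK_SUBTYPE       0x0a
#define CLOCK_DESC_MIN_LEN  8

/* Hardened traversal: find the class-specific clock descriptor with the given
 * clock ID inside a descriptor blob supplied by the device.  Returns a pointer
 * to the descriptor, or NULL if none is found or the blob is malformed.
 * Unlike a naive walker that trusts bLength, this one checks, per descriptor:
 *   1. bLength covers at least the header (a zero bLength would otherwise
 *      never advance the cursor),
 *   2. bLength does not run past the end of the buffer,
 *   3. a candidate clock descriptor is long enough for the fields read below. */
const uint8_t *find_clock_desc(const uint8_t *buf, size_t len, uint8_t clock_id)
{
    size_t off = 0;
    while (off + sizeof(struct usb_desc_header) <= len) {
        const struct usb_desc_header *h = (const struct usb_desc_header *)(buf + off);
        if (h->bLength < sizeof(struct usb_desc_header) || off + h->bLength > len)
            return NULL;               /* truncated or bogus length: stop here */
        if (h->bDescriptorType == USB_DT_CS_INTERFACE &&
            h->bLength >= CLOCK_DESC_MIN_LEN &&      /* check before reading fields */
            buf[off + 2] == CLOCK_SUBTYPE &&
            buf[off + 3] == clock_id)
            return buf + off;
        off += h->bLength;
    }
    return NULL;
}

/* Configuration-count check in the spirit of the bNumConfigurations fix.
 * MAX_CONFIGS stands in for the number of configuration slots the driver
 * actually allocated (constructed value).  The device-reported count is
 * clamped to that allocation before the requested index is validated. */
#define MAX_CONFIGS 8

int select_config(uint8_t bNumConfigurations, uint8_t index)
{
    uint8_t count = bNumConfigurations > MAX_CONFIGS ? MAX_CONFIGS : bNumConfigurations;
    if (index >= count)
        return -1;                     /* out of range: refuse rather than index past the table */
    return index;
}

/* Constructed sample blobs (not captured from any real device). */

/* Well-formed: a 9-byte interface descriptor followed by an 8-byte clock
 * descriptor with clock ID 3. */
const uint8_t good_blob[] = {
    9, USB_DT_INTERFACE, 0, 0, 1, 1, 2, 0x20, 0,
    8, USB_DT_CS_INTERFACE, CLOCK_SUBTYPE, 3, 0x01, 0x03, 0x00, 0x00,
};

/* Clock descriptor advertises bLength = 32 but only 4 bytes remain. */
const uint8_t truncated_blob[] = {
    9, USB_DT_INTERFACE, 0, 0, 1, 1, 2, 0x20, 0,
    32, USB_DT_CS_INTERFACE, CLOCK_SUBTYPE, 3,
};

/* Clock descriptor with a shorter-than-expected bLength of 5: type and ID
 * match, but the descriptor is too short to read its remaining fields. */
const uint8_t short_blob[] = {
    9, USB_DT_INTERFACE, 0, 0, 1, 1, 2, 0x20, 0,
    5, USB_DT_CS_INTERFACE, CLOCK_SUBTYPE, 3, 0x01,
};

/* Zero bLength: a naive walker would spin forever at offset 0. */
const uint8_t zero_blob[] = { 0, USB_DT_CS_INTERFACE, CLOCK_SUBTYPE, 3 };

int main(void)
{
    const uint8_t *d = find_clock_desc(good_blob, sizeof(good_blob), 3);
    printf("good:      %s at offset %ld\n", d ? "found" : "rejected",
           d ? (long)(d - good_blob) : -1L);
    printf("truncated: %s\n", find_clock_desc(truncated_blob, sizeof(truncated_blob), 3) ? "found" : "rejected");
    printf("short:     %s\n", find_clock_desc(short_blob, sizeof(short_blob), 3) ? "found" : "rejected");
    printf("zero:      %s\n", find_clock_desc(zero_blob, sizeof(zero_blob), 3) ? "found" : "rejected");
    printf("config 7 of 255 -> %d, config 8 of 255 -> %d\n",
           select_config(255, 7), select_config(255, 8));
    return 0;
}
```

The point of the three rejected blobs is that each check guards a different failure: the length-versus-buffer check stops the truncated descriptor, the minimum-length check stops the short one before any field past the header is touched, and the header-size check keeps a zero bLength from stalling the loop. The same "validate the device-supplied number before indexing with it" rule is what `select_config` applies to the configuration count.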
CISA Directives
According to the Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must address these vulnerabilities by the specified due date to protect their networks against potential attacks. CISA has mandated that federal agencies fix these vulnerabilities by April 30, 2025.
Recommendations for Private Organizations
Experts recommend that private organizations also review the KEV Catalog and implement necessary patches to address these vulnerabilities within their infrastructure.
Additional Vulnerabilities
This week, CISA also added vulnerabilities related to Gladinet CentreStack and the ZTA Microsoft Windows Common Log File System (CLFS) Driver, tracked as CVE-2025-30406 and CVE-2025-29824, to its KEV catalog.
Conclusion
The addition of these critical Linux Kernel vulnerabilities to CISA’s KEV catalog underscores the importance of prompt and effective vulnerability management. Both federal agencies and private organizations must remain vigilant and proactive in addressing known exploited vulnerabilities to safeguard their systems against potential cyber threats.
For more details, visit the full article: source
Additional Resources
For further insights, check:
- CISA Known Exploited Vulnerabilities Catalog
- CVE-2024-53197 Detailed Report
- CVE-2024-53150 Detailed Report