CISA: CVE-2024-53150 added to Known Exploited Vulnerabilities — Linux Kernel
What happened
CISA added CVE-2024-53150 to its Known Exploited Vulnerabilities (KEV) catalog on 2025-04-09, assigning a remediation due date of 2025-04-30 (CISA KEV). The flaw is an out-of-bounds read in the Linux Kernel’s USB-audio driver, enabling information disclosure when triggered by a local, privileged actor (NVD entry). The issue maps to CWE-125 (Out-of-bounds Read), a class of bugs where code reads memory outside the intended buffer (CWE-125, MITRE). Inclusion in KEV indicates evidence of exploitation in the wild and elevates patching urgency for defenders (CISA KEV).
Why it matters
Kernel-level information disclosure weakens isolation boundaries and can expose data that should remain unreadable to attackers (CWE-125, MITRE). Because the bug exists in a core kernel driver (USB-audio), it can impact any system running a vulnerable Linux kernel build, irrespective of distribution packaging (NVD entry). For U.S. Federal Civilian Executive Branch agencies, KEV listing sets a binding timeline to remediate under BOD 22-01, making timely closure a compliance requirement, not just a best practice (BOD 22-01). The KEV entry’s presence confirms active exploitation, which means organizations should assume opportunistic adversaries are attempting to harvest disclosed data wherever feasible (CISA KEV).
Technical detail
CVE-2024-53150 is an out-of-bounds read in the USB-audio driver path of the Linux kernel, permitting reads beyond the intended memory region (NVD entry). By definition, an out-of-bounds read occurs when code computes an invalid index or length and then accesses memory past the buffer’s boundary, risking exposure of adjacent memory contents (CWE-125, MITRE). According to the published record, exploitation requires local, privileged access, and successful triggers can yield potentially sensitive information from kernel memory (NVD entry). The MITRE record tracks the same vulnerability scope and impact under the assigned CVE ID, aligning with the information disclosure nature of the flaw (MITRE CVE record).
This is not a memory write or code-execution primitive by itself; its direct impact is information disclosure, consistent with CWE-125 semantics rather than arbitrary memory modification (CWE-125, MITRE). However, KEV designation indicates real-world adversaries have found value in this primitive, so treating it as high-priority is warranted despite the "read" classification (CISA KEV).
Defense
Prioritize remediation immediately: CISA directs organizations to apply mitigations per vendor guidance and meet the KEV remediation date of 2025-04-30 where applicable (CISA KEV). For federal agencies, KEV timelines are mandatory under BOD 22-01, which explicitly requires reducing risk from known exploited vulnerabilities within prescribed windows (BOD 22-01). Track this CVE through authoritative records to ensure package and kernel updates truly address CVE-2024-53150 across all impacted assets (NVD entry).
Operationally, make CVE-2024-53150 part of your active KEV remediation queues and verify closure through change and vulnerability management, not just advisory review (CISA KEV). If immediate patching is not possible, follow CISA’s standing guidance to apply available mitigations and reduce exposure until vendor fixes can be deployed (CISA KEV). Maintain situational awareness using the CVE’s canonical records so detection, patch orchestration, and audit pipelines stay aligned to the official scope (MITRE CVE record).
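One way to turn a KEV listing into a remediation-queue item with a countdown to the CISA due date, as an added example (not Lyrie's tooling or CISA's code): it parses a constructed record in the shape of the public KEV JSON feed, matches it against a constructed asset inventory, and ranks items by days remaining. The field names follow the KEV feed; the asset map, descriptive strings and the CVE-0000-00000 placeholder are assumptions.

```python
"""Build a KEV-driven remediation queue (added example, not the page's code)."""
import json
from datetime import date

# Constructed record in the shape of CISA's KEV JSON feed. Only the CVE id,
# dateAdded and dueDate come from the advisory; the other strings are
# constructed and the "cwes" field is assumed to be present in the feed.
SAMPLE_KEV_JSON = """{
  "catalogVersion": "constructed-sample",
  "vulnerabilities": [{
    "cveID": "CVE-2024-53150",
    "vendorProject": "Linux",
    "product": "Kernel",
    "dateAdded": "2025-04-09",
    "shortDescription": "Out-of-bounds read in the USB-audio driver.",
    "dueDate": "2025-04-30",
    "cwes": ["CWE-125"]
  }]
}"""

# Constructed asset inventory: hostname -> CVEs reported by the scanner.
# CVE-0000-00000 is a placeholder for a finding that is not in KEV.
ASSET_FINDINGS = {
    "build-host-01": ["CVE-2024-53150", "CVE-0000-00000"],
    "web-01": ["CVE-0000-00000"],
}


def parse_kev(raw_json):
    """Index KEV entries by CVE id."""
    return {e["cveID"]: e for e in json.loads(raw_json)["vulnerabilities"]}


def build_queue(kev_index, findings, today):
    """One item per (asset, KEV-listed CVE), most urgent first.

    Non-KEV findings are dropped; days_left < 0 means the CISA due date passed.
    """
    queue = []
    for asset, cves in findings.items():
        for cve in cves:
            entry = kev_index.get(cve)
            if entry is None:
                continue  # not in KEV: normal patch cadence applies
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            queue.append({"asset": asset, "cve": cve, "due": entry["dueDate"],
                          "cwes": entry.get("cwes", []),
                          "days_left": days_left, "overdue": days_left < 0})
    return sorted(queue, key=lambda item: item["days_left"])
```

Point the parser at the live feed instead of SAMPLE_KEV_JSON to drive a real queue; the sort order puts overdue items first.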
Lyrie Verdict
Information disclosure at kernel level is a low-noise enabler for autonomous post-compromise tooling. Lyrie treats KEV-listed info-leaks as high-priority exposures and auto-escalates risk on assets matching CVE-2024-53150 until kernel fixes are verified end-to-end (CISA KEV). We ingest authoritative CVE/CWE context to weight the blast radius and automate patch orchestration at machine speed, shrinking the window where a local, privileged agent could harvest sensitive data (NVD entry). Our stance: starve rogue automation of easy primitives by enforcing KEV-driven remediation SLAs and closing read-side leaks before they feed larger kill chains (BOD 22-01).