CVE-2024-53204 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe In rtk_usb3phy_probe() devm_kzalloc() may return NULL but this returned value is not checked.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/258ea41c926b7b3a16d0d7aa210a1401c4a1601b
https://git.kernel.org/stable/c/48d52d3168749e10c1c37cd4ceccd18625851741
https://git.kernel.org/stable/c/776f13ad1f88485206f1dca5ef138553106950e5
https://git.kernel.org/stable/c/bf373d2919d98f3d1fe1b19a0304f72fe74386d9
https://git.kernel.org/stable/c/e27877990e54bfe4246dd850f7ec8646c999ce58
https://lore.kernel.org/linux-cve-announce/2024122727-CVE-2024-53204-0f6e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-53204
https://www.cve.org/CVERecord?id=CVE-2024-53204

History

Fri, 18 Apr 2025 13:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/258ea41c926b7b3a16d0d7aa210a1401c4a1601b https://git.kernel.org/stable/c/e27877990e54bfe4246dd850f7ec8646c999ce58

Thu, 13 Feb 2025 00:30:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Low`	threat_severity `Moderate`

Tue, 14 Jan 2025 08:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Mon, 30 Dec 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024122727-CVE-2024-53204-0f6e@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-53204 https://www.cve.org/CVERecord?id=CVE-2024-53204
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Fri, 27 Dec 2024 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe In rtk_usb3phy_probe() devm_kzalloc() may return NULL but this returned value is not checked.
Title		phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe
References		https://git.kernel.org/stable/c/48d52d3168749e10c1c37cd4ceccd18625851741 https://git.kernel.org/stable/c/776f13ad1f88485206f1dca5ef138553106950e5 https://git.kernel.org/stable/c/bf373d2919d98f3d1fe1b19a0304f72fe74386d9

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-27T13:49:50.268Z

Updated: 2025-04-18T13:32:13.902Z

Reserved: 2024-11-19T17:17:25.019Z

Link: CVE-2024-53204

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-12-27T14:15:28.207

Modified: 2025-04-18T14:15:20.860

Link: CVE-2024-53204

Redhat

Severity : Moderate

Publid Date: 2024-12-27T00:00:00Z

Links: CVE-2024-53204 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object