CVE-2024-50302

MEDIUM · CISA KEV · EPSS 52.3%
Published Nov 19, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
CVSS 3.1: 5.5 (Medium)
KEV Listed Mar 4, 2025 1y ago
KEV Due Mar 25, 2025 464d overdue

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Threat Intelligence

CISA Known Exploited (overdue 464d)
Added: Mar 4, 2025
Due: Mar 25, 2025

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability: 52.3% percentile
Exploit & Patch Status: Actively Exploited (KEV); Patch Available

Weaknesses 1

CWE-908

Affected Products 46

Vendor   Product                          Version  Range
google   android                          *        any
debian   debian_linux                     11.0     any
siemens  simatic_s7-1500_tm_mfp_firmware  *        any
siemens  simatic_s7-1500_tm_mfp           *        any
siemens  sinec_os                         *        <3.2
siemens  ruggedcom_rst2428p               *        any
siemens  scalance_xc316-8                 *        any
siemens  scalance_xc319-4                 *        any
siemens  scalance_xc324-4                 *        any
siemens  scalance_xc324-4eec              *        any
siemens  scalance_xc332                   *        any
siemens  scalance_xc416-8                 *        any
siemens  scalance_xc419-4                 *        any
siemens  scalance_xc424-4                 *        any
siemens  scalance_xc432                   *        any
siemens  scalance_xch328                  *        any
siemens  scalance_xcm324                  *        any
siemens  scalance_xcm328                  *        any
siemens  scalance_xcm332                  *        any
siemens  scalance_xr302-32                *        any
siemens  scalance_xr322-12                *        any
siemens  scalance_xr326-8                 *        any
siemens  scalance_xr326-8eec              *        any
siemens  scalance_xr502-32                *        any
siemens  scalance_xr522-12                *        any
siemens  scalance_xr524-8c                *        any
siemens  scalance_xr524-8wg               *        any
siemens  scalance_xr526-8                 *        any
siemens  scalance_xr526-8c                *        any
siemens  scalance_xr528-6m                *        any
siemens  scalance_xr552-12m               *        any
siemens  scalance_xrh334                  *        any
siemens  scalance_xrm334                  *        any
linux    linux_kernel                     *        ≥3.12 – <4.19.324
linux    linux_kernel                     *        ≥4.20 – <5.4.286
linux    linux_kernel                     *        ≥5.5 – <5.10.230
linux    linux_kernel                     *        ≥5.11 – <5.15.172
linux    linux_kernel                     *        ≥5.16 – <6.1.117
linux    linux_kernel                     *        ≥6.2 – <6.6.61
linux    linux_kernel                     *        ≥6.7 – <6.11.8
linux    linux_kernel                     6.12     any
linux    linux_kernel                     6.12     any
linux    linux_kernel                     6.12     any
linux    linux_kernel                     6.12     any
linux    linux_kernel                     6.12     any
linux    linux_kernel                     6.12     any

References 13

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
    Third Party Advisory
  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-355557.html
    Third Party Advisory
  • git.kernel.org https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
    Mailing List
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
    Mailing List
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302
    US Government Resource

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
    Patch