CVE-2024-50302: HID: core: zero-initialize the report buffer

5.5 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.

Known Exploited

🚨 Marked as known exploited on March 4th, 2025 (about 2 months ago).

Classification

CVE ID: CVE-2024-50302

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector:

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.23% (probability of being exploited)

EPSS Percentile: 43.2% (scored less or equal to compared to others)

EPSS Date: 2025-04-02 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: active

SSVC Technical Impact: total

SSVC Automatable: false

References

Timeline

2025-03-04 15:15:20 UTC
CISA KEV

Linux Kernel Use of Uninitialized Resource Vulnerability
2025-03-04 15:16:41 UTC
🚨 Marked as Known Exploited
2025-03-04 16:40:19 UTC
CVE

HID: core: zero-initialize the report buffer
2025-03-04 16:45:24 UTC
All CISA Advisories

CISA Adds Four Known Exploited Vulnerabilities to Catalog
2025-03-06 09:45:30 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-50302
2025-03-11 11:45:20 UTC
Tenable Plugins

Azure Linux 3.0 Security Update: kernel (CVE-2024-50302)
2025-03-11 11:45:23 UTC
Tenable Plugins

Oracle Linux 8 : kernel (ELSA-2025-2473)