CVE-2024-50302

Description

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

CVSS Metrics

• v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 2.56%• Percentile: 86%

Techniques & Countermeasures

• CWE-908•Use of Uninitialized Resource

  The product uses or accesses a resource that has not been initialized.

Affected Systems

• debian•debian_linux

  11.0

• google•android

  na

• linux•linux

  ≥ 27ce405039bfe6d3f4143415c638f56a3df77dca, < e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 | ≥ 27ce405039bfe6d3f4143415c638f56a3df77dca, < 3f9e88f2672c4635960570ee9741778d4135ecf5 | ≥ 27ce405039bfe6d3f4143415c638f56a3df77dca, < d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 | ≥ 27ce405039bfe6d3f4143415c638f56a3df77dca, < 05ade5d4337867929e7ef664e7ac8e0c734f1aaf | ≥ 27ce405039bfe6d3f4143415c638f56a3df77dca, < 1884ab3d22536a5c14b17c78c2ce76d1734e8b0b | ≥ 27ce405039bfe6d3f4143415c638f56a3df77dca, < 9d9f5c75c0c7f31766ec27d90f7a6ac673193191 | ≥ 27ce405039bfe6d3f4143415c638f56a3df77dca, < 492015e6249fbcd42138b49de3c588d826dd9648 | ≥ 27ce405039bfe6d3f4143415c638f56a3df77dca, < 177f25d1292c7e16e1199b39c85480f7f8815552 | b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7 | fe6c9b48ebc920ff21c10c50ab2729440c734254 | ≥ 3.10.16, < 3.11 | ≥ 3.11.5, < 3.12 | 3.12

• linux•linux_kernel

  ≥ 3.12, < 4.19.324 | ≥ 4.20, < 5.4.286 | ≥ 5.5, < 5.10.230 | ≥ 5.11, < 5.15.172 | ≥ 5.16, < 6.1.117 | ≥ 6.2, < 6.6.61 | ≥ 6.7, < 6.11.8 | 6.12:rc1 | 6.12:rc2 | 6.12:rc3 | 6.12:rc4 | 6.12:rc5 | 6.12:rc6

• siemens•simatic_s7-1500_tm_mfp_firmware

  na

• siemens•sinec_os

  < 3.2

References (13)

• https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
• https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5
• https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46
• https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf
• https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b
• https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191
• https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648
• https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302
• https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
• https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
• https://cert-portal.siemens.com/productcert/html/ssa-265688.html
• https://cert-portal.siemens.com/productcert/html/ssa-355557.html