CVE-2024-50302

Home/CVE/Linux Kernel Use of Uninitialized Resource Vulnerability

CVE

Linux Kernel Use of Uninitialized Resource Vulnerability

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

MEDIUM · CVSS 5.5 ⚠ CISA KEV EPSS 0.02559

Act now

Listed on CISA KEV (known exploited in the wild)
SSVC exploitation status: active

Sigma rules0 YARA rules0

⬢

Required Remediation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

⬡

Weakness Classification

CWE-908Use of Uninitialized Resource

▤

Affected Products & Versions

google androidall versions
debian linuxall versions
siemens simatic s7-1500 tm mfp firmwareall versions
siemens sinec os< 3.2
linux kernel>= 3.12 and < 4.19.324
linux kernel>= 4.20 and < 5.4.286
linux kernel>= 5.5 and < 5.10.230
linux kernel>= 5.11 and < 5.15.172
Show all 12 affected productslinux kernel>= 5.16 and < 6.1.117
linux kernel>= 6.2 and < 6.6.61
linux kernel>= 6.7 and < 6.11.8
linux kernelall versions

▣

Scoring & Timeline

5.5

MEDIUM · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD19 Nov 2024 · 02:16 AM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC triage · cisa-vulnrichment

Exploitation

active

Automatable

Technical impact

partial

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

suse-csafSUSE-SU-2025:4123-1
usnUSN-7720-1
siemens-csafSSA-355557
usnLSN-0112-1
usnUSN-7540-1
Show all 30 vendor advisoriesusnUSN-7539-1
usnUSN-7524-1
usnUSN-7523-1
usnUSN-7468-1
usnUSN-7458-1
usnUSN-7451-1
usnUSN-7402-5
suse-csafSUSE-SU-2025:20186-1
suse-csafSUSE-SU-2025:20188-1
suse-csafSUSE-SU-2025:20189-1
suse-csafSUSE-SU-2025:20191-1
suse-csafSUSE-SU-2025:20285-1
usnLSN-0111-1
usnUSN-7429-2
usnUSN-7429-1
usnUSN-7428-2
usnUSN-7428-1
usnUSN-7402-4
usnUSN-7402-3
usnUSN-7413-1
rhsaRHSA-2025:3301Important
usnUSN-7403-1
usnUSN-7402-2
usnUSN-7402-1
usnUSN-7401-1

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aafPatch

https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552Patch

https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0bPatch

https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5Patch

https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648Patch

https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191Patch

Show all 13 references

https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46Patch

https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.htmlMailing List

https://lists.debian.org/debian-lts-announce/2025/03/msg00002.htmlMailing List

https://cert-portal.siemens.com/productcert/html/ssa-265688.htmlThird Party Advisory

https://cert-portal.siemens.com/productcert/html/ssa-355557.htmlThird Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302US Government Resource

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin