CVE-2024-50302

Known Exploited
HID: core: zero-initialize the report buffer

Description

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.21%
KEV Since 
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 patch
https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5 patch
https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 patch
https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf patch
https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b patch
https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191 patch
https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648 patch
https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552 patch

Frequently Asked Questions

What is the severity of CVE-2024-50302?
CVE-2024-50302 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50302?
To fix CVE-2024-50302, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50302 being actively exploited in the wild?
It is confirmed that CVE-2024-50302 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50302?
CVE-2024-50302 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.