CVE-2024-50302 - Vulnerability Details

- HID: core: zero-initialize the report buffer

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.

Published: 2024-11-19

Score: 5.5 Medium

EPSS: 1.7% Low

KEV: Yes

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`27ce405039bfe6d3f4143415c638f56a3df77dca`	affected	< e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
`27ce405039bfe6d3f4143415c638f56a3df77dca`	affected	< 3f9e88f2672c4635960570ee9741778d4135ecf5
`27ce405039bfe6d3f4143415c638f56a3df77dca`	affected	< d7dc68d82ab3fcfc3f65322465da3d7031d4ab46
`27ce405039bfe6d3f4143415c638f56a3df77dca`	affected	< 05ade5d4337867929e7ef664e7ac8e0c734f1aaf
`27ce405039bfe6d3f4143415c638f56a3df77dca`	affected	< 1884ab3d22536a5c14b17c78c2ce76d1734e8b0b
`27ce405039bfe6d3f4143415c638f56a3df77dca`	affected	< 9d9f5c75c0c7f31766ec27d90f7a6ac673193191
`27ce405039bfe6d3f4143415c638f56a3df77dca`	affected	< 492015e6249fbcd42138b49de3c588d826dd9648
`27ce405039bfe6d3f4143415c638f56a3df77dca`	affected	< 177f25d1292c7e16e1199b39c85480f7f8815552
`b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7`	affected	—
`fe6c9b48ebc920ff21c10c50ab2729440c734254`	affected	—

Linux

affected

Version	Status	Constraints
`3.12`	affected	—
`0`	unaffected	< 3.12
`4.19.324`	unaffected	≤ 4.19.*
`5.4.286`	unaffected	≤ 5.4.*
`5.10.230`	unaffected	≤ 5.10.*
`5.15.172`	unaffected	≤ 5.15.*
`6.1.117`	unaffected	≤ 6.1.*
`6.6.61`	unaffected	≤ 6.6.*
`6.11.8`	unaffected	≤ 6.11.*
`6.12`	unaffected	≤ *

Configuration 1 [-]

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_tm_mfp:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:sinec_os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:siemens:ruggedcom_rst2428p:-:::::::*
	cpe:2.3:h:siemens:scalance_xc316-8:-:::::::*
	cpe:2.3:h:siemens:scalance_xc319-4:-:::::::*
	cpe:2.3:h:siemens:scalance_xc324-4:-:::::::*
	cpe:2.3:h:siemens:scalance_xc324-4eec:-:::::::*
	cpe:2.3:h:siemens:scalance_xc332:-:::::::*
	cpe:2.3:h:siemens:scalance_xc416-8:-:::::::*
	cpe:2.3:h:siemens:scalance_xc419-4:-:::::::*
	cpe:2.3:h:siemens:scalance_xc424-4:-:::::::*
	cpe:2.3:h:siemens:scalance_xc432:-:::::::*
	cpe:2.3:h:siemens:scalance_xch328:-:::::::*
	cpe:2.3:h:siemens:scalance_xcm324:-:::::::*
	cpe:2.3:h:siemens:scalance_xcm328:-:::::::*
	cpe:2.3:h:siemens:scalance_xcm332:-:::::::*
	cpe:2.3:h:siemens:scalance_xr302-32:-:::::::*
	cpe:2.3:h:siemens:scalance_xr322-12:-:::::::*
	cpe:2.3:h:siemens:scalance_xr326-8:-:::::::*
	cpe:2.3:h:siemens:scalance_xr326-8eec:-:::::::*
	cpe:2.3:h:siemens:scalance_xr502-32:-:::::::*
	cpe:2.3:h:siemens:scalance_xr522-12:-:::::::*
	cpe:2.3:h:siemens:scalance_xr524-8c:-:::::::*
	cpe:2.3:h:siemens:scalance_xr524-8wg:-:::::::*
	cpe:2.3:h:siemens:scalance_xr526-8:-:::::::*
	cpe:2.3:h:siemens:scalance_xr526-8c:-:::::::*
	cpe:2.3:h:siemens:scalance_xr528-6m:-:::::::*
	cpe:2.3:h:siemens:scalance_xr552-12m:-:::::::*
	cpe:2.3:h:siemens:scalance_xrh334:-:::::::*
	cpe:2.3:h:siemens:scalance_xrm334:-:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
kernel-0:2.6.32-754.56.1.el6	cpe:/o:redhat:rhel_els:6	RHSA-2025:2517	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
kernel-0:3.10.0-1062.93.1.el7	cpe:/o:redhat:rhel_aus:7.7	RHSA-2025:2514	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
kernel-rt-0:3.10.0-1160.133.1.rt56.1285.el7	cpe:/a:redhat:rhel_extras_rt_els:7	RHSA-2025:2510	2025-03-10T00:00:00Z
kernel-0:3.10.0-1160.133.1.el7	cpe:/o:redhat:rhel_els:7	RHSA-2025:2501	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.44.1.rt7.385.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2025:2474	2025-03-10T00:00:00Z
kernel-0:4.18.0-553.44.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:2473	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
kernel-0:4.18.0-193.146.1.el8_2	cpe:/o:redhat:rhel_aus:8.2	RHSA-2025:2646	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
kernel-0:4.18.0-305.151.1.el8_4	cpe:/o:redhat:rhel_aus:8.4	RHSA-2025:2528	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
kernel-rt-0:4.18.0-305.151.1.rt7.228.el8_4	cpe:/a:redhat:rhel_tus:8.4::nfv	RHSA-2025:2524	2025-03-10T00:00:00Z
kernel-0:4.18.0-305.151.1.el8_4	cpe:/o:redhat:rhel_tus:8.4	RHSA-2025:2528	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
kernel-0:4.18.0-305.151.1.el8_4	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2025:2528	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
kernel-0:4.18.0-372.141.1.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2025:2489	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
kernel-0:4.18.0-372.141.1.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2025:2489	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
kernel-0:4.18.0-372.141.1.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2025:2489	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.93.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2025:2525	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.31.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:2627	2025-03-11T00:00:00Z
kernel-0:5.14.0-503.31.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:2627	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
kernel-0:5.14.0-70.125.1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:2488	2025-03-10T00:00:00Z
kernel-rt-0:5.14.0-70.125.1.rt21.197.el9_0	cpe:/a:redhat:rhel_e4s:9.0::nfv	RHSA-2025:2512	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.108.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:2475	2025-03-10T00:00:00Z
kernel-rt-0:5.14.0-284.108.1.rt14.393.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2025:2476	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
kernel-0:5.14.0-427.59.1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:2490	2025-03-10T00:00:00Z
Red Hat OpenShift Container Platform 4.12
rhcos-412.86.202503052321-0	cpe:/a:redhat:openshift:4.12::el8	RHSA-2025:2441	2025-03-13T00:00:00Z
Red Hat OpenShift Container Platform 4.13
rhcos-413.92.202503112237-0	cpe:/a:redhat:openshift:4.13::el9	RHSA-2025:2701	2025-03-20T00:00:00Z
Red Hat OpenShift Container Platform 4.14
rhcos-414.92.202503100617-0	cpe:/a:redhat:openshift:4.14::el9	RHSA-2025:2710	2025-03-19T00:00:00Z
Red Hat OpenShift Container Platform 4.15
rhcos-415.92.202503060749-0	cpe:/a:redhat:openshift:4.15::el9	RHSA-2025:2454	2025-03-13T00:00:00Z
Red Hat OpenShift Container Platform 4.16
rhcos-416.94.202503252048-0	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:3301	2025-04-03T00:00:00Z
Red Hat OpenShift Container Platform 4.17
rhcos-417.94.202503060903-0	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:2445	2025-03-12T00:00:00Z
Red Hat OpenShift Container Platform 4.18
rhcos-418.94.202503061016-0	cpe:/a:redhat:openshift:4.18::el9	RHSA-2025:2449	2025-03-11T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4008-1	linux-6.1 security update
Debian DLA	DLA-4075-1	linux security update
Debian DSA	DSA-5818-1	linux security update
EUVD	EUVD-2024-44804	In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
Ubuntu USN	USN-7276-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7277-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7288-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7288-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7289-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7289-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7289-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7289-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7291-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7293-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7294-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7295-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7305-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7308-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7310-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7331-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7388-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7389-1	Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN	USN-7390-1	Linux kernel (Xilinx ZynqMP) vulnerabilities
Ubuntu USN	USN-7393-1	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7401-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7402-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7402-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7402-3	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-7402-4	Linux kernel vulnerabilities
Ubuntu USN	USN-7402-5	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-7403-1	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7413-1	Linux kernel (IoT) vulnerabilities
Ubuntu USN	USN-7428-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7428-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7429-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7429-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7451-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7458-1	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-7468-1	Linux kernel (Azure, N-Series) vulnerabilities
Ubuntu USN	USN-7523-1	Linux kernel (Raspberry Pi Real-time) vulnerabilities
Ubuntu USN	USN-7524-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7539-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7540-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7720-1	Linux kernel vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since March 4, 2025.

The EPSS score is 0.01736.

Exploitation active

Automatable no

Technical Impact partial

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-355557.html
https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf
https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552
https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b
https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5
https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648
https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191
https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46
https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-50302
https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302
https://www.cve.org/CVERecord?id=CVE-2024-50302

History

Tue, 12 May 2026 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens Siemens ruggedcom Rst2428p Siemens scalance Xc316-8 Siemens scalance Xc319-4 Siemens scalance Xc324-4 Siemens scalance Xc324-4eec Siemens scalance Xc332 Siemens scalance Xc416-8 Siemens scalance Xc419-4 Siemens scalance Xc424-4 Siemens scalance Xc432 Siemens scalance Xch328 Siemens scalance Xcm324 Siemens scalance Xcm328 Siemens scalance Xcm332 Siemens scalance Xr302-32 Siemens scalance Xr322-12 Siemens scalance Xr326-8 Siemens scalance Xr326-8eec Siemens scalance Xr502-32 Siemens scalance Xr522-12 Siemens scalance Xr524-8c Siemens scalance Xr524-8wg Siemens scalance Xr526-8 Siemens scalance Xr526-8c Siemens scalance Xr528-6m Siemens scalance Xr552-12m Siemens scalance Xrh334 Siemens scalance Xrm334 Siemens simatic S7-1500 Tm Mfp Siemens simatic S7-1500 Tm Mfp Firmware Siemens sinec Os
CPEs		cpe:2.3:h:siemens:ruggedcom_rst2428p:-:::::::* cpe:2.3:h:siemens:scalance_xc316-8:-:::::::* cpe:2.3:h:siemens:scalance_xc319-4:-:::::::* cpe:2.3:h:siemens:scalance_xc324-4:-:::::::* cpe:2.3:h:siemens:scalance_xc324-4eec:-:::::::* cpe:2.3:h:siemens:scalance_xc332:-:::::::* cpe:2.3:h:siemens:scalance_xc416-8:-:::::::* cpe:2.3:h:siemens:scalance_xc419-4:-:::::::* cpe:2.3:h:siemens:scalance_xc424-4:-:::::::* cpe:2.3:h:siemens:scalance_xc432:-:::::::* cpe:2.3:h:siemens:scalance_xch328:-:::::::* cpe:2.3:h:siemens:scalance_xcm324:-:::::::* cpe:2.3:h:siemens:scalance_xcm328:-:::::::* cpe:2.3:h:siemens:scalance_xcm332:-:::::::* cpe:2.3:h:siemens:scalance_xr302-32:-:::::::* cpe:2.3:h:siemens:scalance_xr322-12:-:::::::* cpe:2.3:h:siemens:scalance_xr326-8:-:::::::* cpe:2.3:h:siemens:scalance_xr326-8eec:-:::::::* cpe:2.3:h:siemens:scalance_xr502-32:-:::::::* cpe:2.3:h:siemens:scalance_xr522-12:-:::::::* cpe:2.3:h:siemens:scalance_xr524-8c:-:::::::* cpe:2.3:h:siemens:scalance_xr524-8wg:-:::::::* cpe:2.3:h:siemens:scalance_xr526-8:-:::::::* cpe:2.3:h:siemens:scalance_xr526-8c:-:::::::* cpe:2.3:h:siemens:scalance_xr528-6m:-:::::::* cpe:2.3:h:siemens:scalance_xr552-12m:-:::::::* cpe:2.3:h:siemens:scalance_xrh334:-:::::::* cpe:2.3:h:siemens:scalance_xrm334:-:::::::* cpe:2.3:h:siemens:simatic_s7-1500_tm_mfp:-:::::::* cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:-:::::::* cpe:2.3:o:siemens:sinec_os::::::::
Vendors & Products		Siemens Siemens ruggedcom Rst2428p Siemens scalance Xc316-8 Siemens scalance Xc319-4 Siemens scalance Xc324-4 Siemens scalance Xc324-4eec Siemens scalance Xc332 Siemens scalance Xc416-8 Siemens scalance Xc419-4 Siemens scalance Xc424-4 Siemens scalance Xc432 Siemens scalance Xch328 Siemens scalance Xcm324 Siemens scalance Xcm328 Siemens scalance Xcm332 Siemens scalance Xr302-32 Siemens scalance Xr322-12 Siemens scalance Xr326-8 Siemens scalance Xr326-8eec Siemens scalance Xr502-32 Siemens scalance Xr522-12 Siemens scalance Xr524-8c Siemens scalance Xr524-8wg Siemens scalance Xr526-8 Siemens scalance Xr526-8c Siemens scalance Xr528-6m Siemens scalance Xr552-12m Siemens scalance Xrh334 Siemens scalance Xrm334 Siemens simatic S7-1500 Tm Mfp Siemens simatic S7-1500 Tm Mfp Firmware Siemens sinec Os

Tue, 12 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
References		https://cert-portal.siemens.com/productcert/html/ssa-265688.html https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Tue, 04 Nov 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux
CPEs		cpe:2.3:o:debian:debian_linux:11.0:::::::*
Vendors & Products		Debian Debian debian Linux

Mon, 03 Nov 2025 23:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Tue, 21 Oct 2025 23:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302
Metrics	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}`

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android
CPEs		cpe:2.3:o:google:android:-:::::::*
Vendors & Products		Google Google android
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302

Wed, 30 Jul 2025 02:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00247}`	epss `{'score': 0.00219}`

Fri, 04 Apr 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.16::el9

Thu, 20 Mar 2025 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.13::el9 cpe:/a:redhat:openshift:4.14::el9

Fri, 14 Mar 2025 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.12::el8

Thu, 13 Mar 2025 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.15::el9

Thu, 13 Mar 2025 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.17::el9

Wed, 12 Mar 2025 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:openshift:4.18::el9 cpe:/o:redhat:enterprise_linux:9 cpe:/o:redhat:rhel_aus:8.2
Vendors & Products		Redhat openshift

Tue, 11 Mar 2025 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els Redhat rhel Extras Rt Els
CPEs		cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_e4s:9.0::nfv cpe:/a:redhat:rhel_extras_rt_els:7 cpe:/a:redhat:rhel_tus:8.4::nfv cpe:/o:redhat:rhel_aus:7.7 cpe:/o:redhat:rhel_aus:8.4 cpe:/o:redhat:rhel_e4s:8.4 cpe:/o:redhat:rhel_els:6 cpe:/o:redhat:rhel_els:7 cpe:/o:redhat:rhel_eus:8.8 cpe:/o:redhat:rhel_tus:8.4
Vendors & Products		Redhat rhel Els Redhat rhel Extras Rt Els

Mon, 10 Mar 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.2::nfv cpe:/a:redhat:rhel_eus:9.4 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:rhel_aus:8.6 cpe:/o:redhat:rhel_e4s:8.6 cpe:/o:redhat:rhel_tus:8.6
Vendors & Products		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus

Sun, 09 Mar 2025 14:30:00 +0000

Type	Values Removed	Values Added
References		https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/

Sat, 08 Mar 2025 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-665
Metrics	threat_severity `Important`	threat_severity `Moderate`

Wed, 05 Mar 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Tue, 04 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-03-04'}`

Tue, 04 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Sun, 02 Mar 2025 06:30:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Low`	threat_severity `Important`

Wed, 27 Nov 2024 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-908
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Fri, 22 Nov 2024 14:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-665
References		https://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-50302 https://www.cve.org/CVERecord?id=CVE-2024-50302
Metrics	threat_severity `None`	cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H'}` threat_severity `Low`

Tue, 19 Nov 2024 01:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
Title		HID: core: zero-initialize the report buffer
References		https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552 https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5 https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648 https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191 https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26

Subscriptions

Debian Debian Linux

Google Android

Linux Linux Kernel

Redhat Enterprise Linux Openshift Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Extras Rt Els Rhel Tus

Siemens Ruggedcom Rst2428p Scalance Xc316-8 Scalance Xc319-4 Scalance Xc324-4 Scalance Xc324-4eec Scalance Xc332 Scalance Xc416-8 Scalance Xc419-4 Scalance Xc424-4 Scalance Xc432 Scalance Xch328 Scalance Xcm324 Scalance Xcm328 Scalance Xcm332 Scalance Xr302-32 Scalance Xr322-12 Scalance Xr326-8 Scalance Xr326-8eec Scalance Xr502-32 Scalance Xr522-12 Scalance Xr524-8c Scalance Xr524-8wg Scalance Xr526-8 Scalance Xr526-8c Scalance Xr528-6m Scalance Xr552-12m Scalance Xrh334 Scalance Xrm334 Simatic S7-1500 Tm Mfp Simatic S7-1500 Tm Mfp Firmware Sinec Os

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-11-19T01:30:51.300Z

Updated: 2026-05-12T12:01:00.886Z

Reserved: 2024-10-21T19:36:19.987Z

Link: CVE-2024-50302

Vulnrichment

Updated: 2025-11-03T22:28:19.656Z

NVD

Status : Analyzed

Published: 2024-11-19T02:16:32.320

Modified: 2026-05-12T18:47:16.597

Link: CVE-2024-50302

Redhat

Severity : Moderate

Publid Date: 2024-11-19T00:00:00Z

Links: CVE-2024-50302 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-908

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation active

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object