CVE-2024-50302
BaseFortify

Publication date: 2024-11-19

Last updated on: 2025-11-04

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
Meta Information
Published: 2024-11-19
Last Modified: 2025-11-04
Generated: 2026-06-12
AI Q&A: 2024-11-19
EPSS Evaluated: 2026-06-10
Affected Vendors & Products
Showing 15 associated CPEs
Vendor  Product       Version / Range
google  android       *
linux   linux_kernel  From 5.15.160 (inc) to 5.16 (inc)
linux   linux_kernel  From 5.15.160 (inc) to 5.16 (inc)
linux   linux_kernel  6.12
linux   linux_kernel  6.12
linux   linux_kernel  6.12
linux   linux_kernel  6.12
linux   linux_kernel  6.12
linux   linux_kernel  6.12
debian  debian_linux  11.0
linux   linux_kernel  From 5.15.160 (inc) to 5.16 (inc)
linux   linux_kernel  From 5.15.160 (inc) to 5.16 (inc)
linux   linux_kernel  From 5.15.160 (inc) to 5.16 (inc)
linux   linux_kernel  From 5.15.160 (inc) to 5.16 (inc)
linux   linux_kernel  From 5.15.160 (inc) to 5.16 (inc)
CWE ID   Description
CWE-908  The product uses or accesses a resource that has not been initialized.
Executive Summary

This vulnerability affects the kernel, the core component of the Linux operating system. It involves the report buffer in the kernel's HID core, which is used by various drivers. The buffer was not cleared when it was allocated, so a specially crafted report could expose sensitive information left over in the system's memory. The fix zero-initializes the buffer at allocation, which prevents it from leaking that data.

Impact Analysis

If you use a system that relies on the Linux kernel, this vulnerability could allow unauthorized access to sensitive information stored in the system's memory. However, since this vulnerability has been resolved, the impact should be minimal if you keep your system updated.

Compliance Impact

This vulnerability could affect compliance with regulations like GDPR and HIPAA because it involves the potential exposure of sensitive data. If such data were leaked due to this vulnerability, it could lead to violations of these regulations. However, since the issue has been fixed, maintaining compliance should be easier as long as systems are kept up to date.
