CVE-2024-50302

CVE Database · CVE-2024-50302

CVE-2024-50302

· MEDIUMAnalyzed

CVSS v3.1

5.5

EPSS

0.81%

Published

Nov 18, 2024

Modified

May 12, 2026

CISA Known Exploited Vulnerability

Added: 2025-03-04 · Due: 2025-03-25

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-908CWE-908

Affected Products (46)

google · androidvulnerable

debian · debian_linuxvulnerable

siemens · simatic_s7-1500_tm_mfp_firmwarevulnerable

siemens · simatic_s7-1500_tm_mfp

siemens · sinec_os (up to 3.2)vulnerable

siemens · ruggedcom_rst2428p

siemens · scalance_xc316-8