⚠ Actively exploited
Added to CISA KEV on 2025-03-04. Federal agencies required to patch by 2025-03-25. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2024-50302 — Use of Uninitialized Resource in Linux
Severity
NVD: 5.5 (MEDIUM)
OSV: 8.8, 7.8, 7.1, 6.7, 6.4, 6.3, 4.7
EPSS: 1.7% (top 17.69%)
CISA KEV: listed. Added 2025-03-04, due 2025-03-25.
Exploit: exploited in the wild; active exploitation observed.
Timeline
Published: Nov 19
KEV added: Mar 4
KEV due: Mar 25
Latest update: Aug 27
Description
In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't ever be used to leak kernel memory via a specially crafted report.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 13 packages
Also affects: Debian Linux 11.0