CVE-2024-50302
Published 2024-11-19
Priority: P2 · 78 · medium · CVSS 3.1: 5.5
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA Known Exploited Vulnerability (due 2025-03-25)
Exploited in the wild
EPSS: 0.81% (52.3rd percentile)
In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
Affected
52 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.119-1 (bookworm) | linux 6.1.119-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.119-1 (bookworm) | linux 6.1.119-1 (bookworm) |
| android | — | — | |
| linux | linux | — | — |
| linux | linux | — | — |
| linux | linux | — | — |
| linux | linux | >= 27ce405039bfe6d3f4143415c638f56a3df77dca < e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 | e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 |
| linux | linux | >= 27ce405039bfe6d3f4143415c638f56a3df77dca < 3f9e88f2672c4635960570ee9741778d4135ecf5 | 3f9e88f2672c4635960570ee9741778d4135ecf5 |
| linux | linux | >= 27ce405039bfe6d3f4143415c638f56a3df77dca < d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 | d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 |
| linux | linux | >= 27ce405039bfe6d3f4143415c638f56a3df77dca < 05ade5d4337867929e7ef664e7ac8e0c734f1aaf | 05ade5d4337867929e7ef664e7ac8e0c734f1aaf |
| linux | linux | >= 27ce405039bfe6d3f4143415c638f56a3df77dca < 1884ab3d22536a5c14b17c78c2ce76d1734e8b0b | 1884ab3d22536a5c14b17c78c2ce76d1734e8b0b |
| linux | linux | >= 27ce405039bfe6d3f4143415c638f56a3df77dca < 9d9f5c75c0c7f31766ec27d90f7a6ac673193191 | 9d9f5c75c0c7f31766ec27d90f7a6ac673193191 |
| linux | linux | >= 27ce405039bfe6d3f4143415c638f56a3df77dca < 492015e6249fbcd42138b49de3c588d826dd9648 | 492015e6249fbcd42138b49de3c588d826dd9648 |
| linux | linux | >= 27ce405039bfe6d3f4143415c638f56a3df77dca < 177f25d1292c7e16e1199b39c85480f7f8815552 | 177f25d1292c7e16e1199b39c85480f7f8815552 |
| linux | linux | >= 3.10.16 < 3.11 | 3.11 |
| linux | linux | >= 3.11.5 < 3.12 | 3.12 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.234-1 | 5.10.234-1 |
| linux | linux_kernel | >= 0 < 6.1.119-1 | 6.1.119-1 |
| linux | linux_kernel | >= 0 < 6.11.9-1 | 6.11.9-1 |
| linux | linux_kernel | >= 0 < 6.11.9-1 | 6.11.9-1 |
| linux | linux_kernel | >= 0 < 5.4.0-208.228 | 5.4.0-208.228 |
| linux | linux_kernel | >= 0 < 5.15.0-133.144 | 5.15.0-133.144 |
| linux | linux_kernel | >= 0 < 6.8.0-57.59 | 6.8.0-57.59 |
Detection & IOCs
- CVE-2024-50302 was exploited as part of a chained Android zero-day exploit developed by Cellebrite, used by Serbian authorities to unlock confiscated Android devices. Detection should focus on unexpected HID (Human Interface Device) connections on Android/Linux endpoints, particularly in forensic or law enforcement contexts.
- The vulnerability enables kernel memory leakage via a specially crafted HID report. Monitor for anomalous or malicious USB HID device connections, especially emulated HID devices, on sensitive Linux/Android systems.
- Exploitation requires a local, authenticated attacker emulating a malicious Human Interface Device (HID). Audit USB device enumeration events and flag newly connected HID devices on locked or confiscated devices.
- CVE-2024-50302 is part of a three-CVE exploit chain also involving CVE-2024-53104 (USB Video Class) and CVE-2024-53197 (ALSA USB-audio). Detection pipelines should correlate exploitation attempts across all three CVEs, as they are used together.
- The vulnerability is in the HID core report buffer allocation path in the Linux kernel. On Android, patch level 2025-03-01 or later addresses this CVE. Systems not yet patched to this level remain vulnerable and should be prioritized.
- Exploitation requires bypassing KASLR; the vulnerability alone does not guarantee full compromise but enables kernel memory disclosure to facilitate further exploitation.
- Red Hat Enterprise Linux 10 (both kernel and kernel-rt) and RHEL 9 kernel-rt are listed as Not Affected. Detection/patching efforts should focus on other affected Linux distributions and Android.
- No vendor mitigation is currently available for affected Red Hat products; the only remediation is patching.
- Google Pixel devices receive updates immediately, but other Android OEM vendors may take longer to deploy the March 2025 patch, leaving a window of exposure.
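CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| osv | 8.8 | HIGH | — |
| vulncheck | 5.5 | MEDIUM | — |
| cisa | 5.5 | MEDIUM | — |
| vendor_ubuntu | 8.8 | HIGH | — |
| vendor_debian | 5.5 | MEDIUM | — |
| vendor_msrc | 5.5 | MEDIUM | — |
| vendor_redhat | 5.5 | MEDIUM | — |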
OSV
linux vulnerabilities
osv · 2025-08-27 · CVSS 6.4 · CVE-2021-0920 [MEDIUM]
It was discovered a race condition existed in the Unix domain socket
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-0920)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HID subsystem;
- Media drivers;
(CVE-2024-50302, CVE-2024-53104)
OSV
Kernel Live Patch Security Notice
osv · 2025-05-29 · CVSS 7.8 · [HIGH]
In the Linux kernel, the following vulnerability has been
resolved: nfsd: fix use-after-free due to delegation race A delegation
break could arrive as soon as we've called vfs_setlease. A delegation break
runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the
delegation to del_recall_lru. If we then exit nfs4_set_delegation without
hashing the delegation, it will be freed as soon as the callback is done
with it, without ever being removed from del_recall_lru. Symptoms show up
later as use-after-free or list corruption warnings, usually in the
laundromat thread. I suspect aba2072f4523 'nfsd: grant read delegations to
clients holding writes' made this bug easier to hit, but I looked as far
back as v3.0 and it looks to me it already had the
OSV
linux-raspi-5.4 vulnerabilities
osv · 2025-05-28 · CVSS 5.5 · CVE-2024-23848 [MEDIUM]
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC archi
OSV
linux-raspi vulnerabilities
osv · 2025-05-28 · CVSS 5.5 · CVE-2024-23848 [MEDIUM]
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architect
OSV
linux-raspi vulnerabilities
osv · 2025-05-26
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Virtio block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto d
OSV
linux-raspi-realtime vulnerabilities
osv · 2025-05-20
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Virtio block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware
OSV
linux-azure-nvidia vulnerabilities
osv · 2025-04-28 · CVSS 8.8 · CVE-2024-8805 [HIGH]
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rogue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive informa
OSV
linux-ibm-5.15 vulnerabilities
osv · 2025-04-24 · CVE-2025-0927
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block d
OSV
linux-aws-6.8 vulnerabilities
osv · 2025-04-23
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- CXL (Compute Express Link
OSV
linux-gcp-6.8 vulnerabilities
osv · 2025-04-22 · CVSS 5.5 · CVE-2024-57798 [MEDIUM]
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- GPU drivers;
- HID subsystem;
- Media drivers;
- JFS file system;
- Network namespace;
- Networking core;
- Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
OSV
Kernel Live Patch Security Notice
osv · 2025-04-16 · CVSS 7.8 · CVE-2022-0995 [HIGH]
It was discovered that the watch_queue event notification system contained
an out-of-bounds write vulnerability. A local attacker could use this to
cause a denial of service or escalate their privileges. (CVE-2022-0995)
In the Linux kernel, the following vulnerability has been
resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show()
Skip sessions that are being teared down (status == SES_EXITING) to avoid
UAF. (CVE-2024-26928)
In the Linux kernel, the following vulnerability has been
resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break()
Skip sessions that are being teared down (status == SES_EXITING) to avoid
UAF. (CVE-2024-35864)
In the Linux kernel, the following vulnerability has been
resolved: HID: core: zero-initi
OSV
linux-fips vulnerabilities
osv · 2025-04-09 · CVSS 5.5 · [MEDIUM]
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Drivers core;
- HID subsystem;
- Network drivers;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- File systems infrastructure;
- Ext4 file system;
- JFS file system;
- Network file system (NFS) client;
- Memory management;
- Network namespace;
- CAIF protocol;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Network traffic control;
(CVE-2025-21702, CVE-2024-53227, CVE-2024-46826, CVE-2024-49952,
CVE-2024-56600, CVE-2021-47235, CVE-2024-50265, CVE-2021-47119,
CVE-2024-53165, CVE-2021-47483, CVE-2024-50302, CVE-2024-56595,
CVE-
OSV
linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
osv · 2025-04-09 · CVSS 7.1 · CVE-2022-23041 [HIGH]
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-
virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23041)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HID subsystem;
- Network drivers;
- Mellanox network drivers;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- File systems infrastructure;
- Ext4 file system;
- JFS file system;
- IP tunnels definitions;
- Netwo
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv · 2025-04-09 · CVSS 5.5 · [MEDIUM]
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Drivers core;
- HID subsystem;
- Network drivers;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- File systems infrastructure;
- Ext4 file system;
- JFS file system;
- Network file system (NFS) client;
- Memory management;
- Network namespace;
- CAIF protocol;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Network traffic control;
(CVE-2025-21702, CVE-2024-53227, CVE-2024-46826, CVE-2024-49952,
CVE-2024-56600, CVE-2021-47235, CVE-2024-50265, CVE-2021-47119,
CVE-2024-53165, CVE-2021-47483, C
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv · 2025-04-09 · CVSS 7.1 · CVE-2022-23041 [HIGH]
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-
virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23041)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HID subsystem;
- Network drivers;
- Mellanox network drivers;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- File systems infrastructure;
- Ext4
OSV
linux-azure, linux-azure-6.8, linux-nvidia-lowlatency vulnerabilities
osv · 2025-04-07 · CVSS 5.5 · CVE-2024-57798 [MEDIUM]
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- GPU drivers;
- HID subsystem;
- Media drivers;
- JFS file system;
- Network namespace;
- Networking core;
- Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
OSV
linux-nvidia, linux-nvidia-6.8 vulnerabilities
osv · 2025-04-04 · CVSS 5.5 · CVE-2024-57798 [MEDIUM]
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- GPU drivers;
- HID subsystem;
- Media drivers;
- JFS file system;
- Network namespace;
- Networking core;
- Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
OSV
linux-iot vulnerabilities
osv · 2025-04-03 · CVSS 5.5 · CVE-2022-38096 [MEDIUM]
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly
OSV
linux-hwe-6.8 vulnerabilities
osv · 2025-04-01 · CVSS 8.8 · CVE-2024-8805 [HIGH]
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rogue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 arch
OSV
linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oem-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities
osv · 2025-04-01 · CVSS 5.5 · [MEDIUM]
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- GPU drivers;
- HID subsystem;
- Media drivers;
- JFS file system;
- Network namespace;
- Networking core;
- Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
OSV
linux-realtime vulnerabilities
osv · 2025-04-01 · CVSS 5.5 · CVE-2024-57798 [MEDIUM]
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- GPU drivers;
- HID subsystem;
- Media drivers;
- JFS file system;
- Network namespace;
- Networking core;
- Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
OSV
linux-aws-5.4 vulnerabilities
osv · 2025-04-01 · CVSS 5.5 · CVE-2024-23848 [MEDIUM]
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC archite
OSV
linux-nvidia-tegra, linux-nvidia-tegra-igx vulnerabilities
osv · 2025-03-28 · CVE-2025-0927
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Driver
OSV
linux-fips vulnerabilities
osv · 2025-03-28 · CVSS 5.5 · CVE-2024-23848 [MEDIUM]
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architectu
OSV
linux-xilinx-zynqmp vulnerabilities
osv · 2025-03-28 · CVE-2025-0927
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed bl
OSV
linux-aws-5.15, linux-kvm vulnerabilities
osv · 2025-03-27 · CVE-2025-0927
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM bac
OSV
linux-hwe-5.15 vulnerabilities
osv · 2025-03-05 · CVSS 5.5 · CVE-2025-0927 [MEDIUM]
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network
OSV
linux-kvm vulnerabilities
osv · 2025-03-03 · CVSS 5.5 · [MEDIUM]
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- Framebuffer layer;
- BTRFS file
OSV
CVE-2024-50302: In hid_alloc_report_buf of hid-core
osv · 2025-03-01 · CVE-2024-50302
In hid_alloc_report_buf of hid-core.c, there is a possible leak of kernel memory contents to a USB HID due to uninitialized data. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
linux-ibm vulnerabilities
osv · 2025-02-28 · CVSS 4.7 · [MEDIUM]
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- Framebuffer layer;
- BTRFS file
OSV
linux-oem-6.11 vulnerabilities
osv · 2025-02-28 · CVE-2025-0927
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
-
OSV
linux-aws, linux-oracle, linux-oracle-5.4 vulnerabilities
osv·2025-02-27·CVSS 4.7
[MEDIUM] linux-aws, linux-oracle, linux-oracle-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
-
OSV
linux-aws vulnerabilities
osv·2025-02-27·CVSS 7.8
[HIGH] linux-aws vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Connector System Software Interface
OSV
linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities
osv·2025-02-27·CVSS 5.5
[MEDIUM] linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Conne
OSV
linux-raspi vulnerabilities
osv·2025-02-26·CVSS 5.5
[MEDIUM] linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Connector System Software Interfa
OSV
linux, linux-hwe-5.4 vulnerabilities
osv·2025-02-26
CVE-2025-0927 linux, linux-hwe-5.4 vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Med
OSV
linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm-5.4 vulnerabilities
osv·2025-02-26·CVSS 6.3
[MEDIUM] linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Se
OSV
linux-xilinx-zynqmp vulnerabilities
osv·2025-02-26·CVSS 6.7
CVE-2023-21400 [MEDIUM] linux-xilinx-zynqmp vulnerabilities
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Me
OSV
linux-gcp, linux-gcp-5.15, linux-gke vulnerabilities
osv·2025-02-26·CVSS 7.8
[HIGH] linux-gcp, linux-gcp-5.15, linux-gke vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Connecto
OSV
linux-lowlatency-hwe-5.15 vulnerabilities
osv·2025-02-25·CVSS 5.5
CVE-2025-0927 [MEDIUM] linux-lowlatency-hwe-5.15 vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers
OSV
linux-azure-5.15, linux-azure-fde-5.15, linux-oracle-5.15 vulnerabilities
osv·2025-02-25·CVSS 5.5
[MEDIUM] linux-azure-5.15, linux-azure-fde-5.15, linux-oracle-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
OSV
linux-ibm vulnerabilities
osv·2025-02-25·CVSS 5.5
[MEDIUM] linux-ibm vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Connector System Software Interface
OSV
linux-azure, linux-azure-fde, linux-gkeop, linux-nvidia, linux-oracle vulnerabilities
osv·2025-02-24·CVSS 5.5
[MEDIUM] linux-azure, linux-azure-fde, linux-gkeop, linux-nvidia, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C supp
OSV
linux, linux-lowlatency vulnerabilities
osv·2025-02-24·CVSS 5.5
CVE-2025-0927 [MEDIUM] linux, linux-lowlatency vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
OSV
linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime vulnerabilities
osv·2025-02-19
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- RAM backed block device driver;
- Network block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework a
OSV
linux, linux-lowlatency vulnerabilities
osv·2025-02-19
CVE-2025-0927 linux, linux-lowlatency vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI d
GHSA
GHSA-9qwc-r24c-26j3: In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by
ghsa_unreviewed·2024-11-19
CVE-2024-50302 [MEDIUM] CWE-908 GHSA-9qwc-r24c-26j3
In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
OSV
CVE-2024-50302: In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by al
osv·2024-11-19·CVSS 5.5
CVE-2024-50302 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
VulnCheck
Linux Kernel Use of Uninitialized Resource Vulnerability
vulncheck·2024·CVSS 5.5
CVE-2024-50302 [MEDIUM] CWE-908 Linux Kernel Use of Uninitialized Resource Vulnerability
The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.
Affected: Linux Kernel
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/; https://source.android.com/docs/security/bulletin/2025-03-01; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabiliti
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-08-27·CVSS 6.4
CVE-2021-0920 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition existed in the Unix domain socket
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-0920)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HID subsystem;
- Media drivers;
(CVE-2024-50302, CVE-2024-53104)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel upd
CISA ICS
Siemens Third-Party Components in SINEC OS
cisa_ics·2025-08-14
ICS Advisory
## Siemens Third-Party Components in SINEC OS
Release Date: August 14, 2025
Alert Code: ICSA-25-226-07
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Third-Party Components in SINEC OS
- Vulnerabilities: Improper Input Validation, Use After Free, Out-of-bounds Read,
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu·2025-05-29·CVSS 7.8
CVE-2022-0995 [HIGH] Kernel Live Patch Security Notice
Title: Kernel Live Patch Security Notice
Summary: Several security issues were fixed in the kernel.
In the Linux kernel, the following vulnerability has been
resolved: nfsd: fix use-after-free due to delegation race A delegation
break could arrive as soon as we've called vfs_setlease. A delegation break
runs a callback which immediately (in nfsd4_cb_recall_prepare) adds the
delegation to del_recall_lru. If we then exit nfs4_set_delegation without
hashing the delegation, it will be freed as soon as the callback is done
with it, without ever being removed from del_recall_lru. Symptoms show up
later as use-after-free or list corruption warnings, usually in the
laundromat thread. I suspect aba2072f4523 'nfsd: grant read delegations to
clients holding writes' made this bug easier to hit, but
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2025-05-28·CVSS 5.5
CVE-2024-53198 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This upd
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2025-05-28·CVSS 5.5
CVE-2025-21731 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This upd
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2025-05-26
CVE-2024-56551 Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Virtio block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework and drivers;
- Data
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities
vendor_ubuntu·2025-05-20
CVE-2024-57793 Linux kernel (Raspberry Pi Real-time) vulnerabilities
Title: Linux kernel (Raspberry Pi Real-time) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Virtio block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock framework and driver
Ubuntu
Linux kernel (Azure, N-Series) vulnerabilities
vendor_ubuntu·2025-04-28·CVSS 8.8
CVE-2024-53083 [HIGH] Linux kernel (Azure, N-Series) vulnerabilities
Title: Linux kernel (Azure, N-Series) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rogue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target na
Ubuntu
Linux kernel (IBM) vulnerabilities
vendor_ubuntu·2025-04-24
CVE-2024-40965 Linux kernel (IBM) vulnerabilities
Title: Linux kernel (IBM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsyst
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-04-23
CVE-2024-53083 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- TPM device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- CPU frequency scaling
Ubuntu
Linux kernel (GCP) vulnerabilities
vendor_ubuntu·2025-04-22·CVSS 5.5
CVE-2024-53140 [MEDIUM] Linux kernel (GCP) vulnerabilities
Title: Linux kernel (GCP) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- GPU drivers;
- HID subsystem;
- Media drivers;
- JFS file system;
- Network namespace;
- Networking core;
- Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to
Ubuntu
Kernel Live Patch Security Notice
vendor_ubuntu·2025-04-16·CVSS 7.8
CVE-2024-50302 [HIGH] Kernel Live Patch Security Notice
Title: Kernel Live Patch Security Notice
Summary: Several security issues were fixed in the kernel.
It was discovered that the watch_queue event notification system contained
an out-of-bounds write vulnerability. A local attacker could use this to
cause a denial of service or escalate their privileges. (CVE-2022-0995)
In the Linux kernel, the following vulnerability has been
resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show()
Skip sessions that are being torn down (status == SES_EXITING) to avoid
UAF. (CVE-2024-26928)
In the Linux kernel, the following vulnerability has been
resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break()
Skip sessions that are being torn down (status == SES_EXITING) to avoid
UAF. (CVE-2024-35864)
In the Linux kernel, t
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-04-09·CVSS 5.5
CVE-2024-50302 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Drivers core;
- HID subsystem;
- Network drivers;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- File systems infrastructure;
- Ext4 file system;
- JFS file system;
- Network file system (NFS) client;
- Memory management;
- Network namespace;
- CAIF protocol;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Network traffic control;
(CVE-2025-21702, CVE-2024-53227, CVE-2024-46826, CVE-2024-49952,
CVE-2024-56600, CVE-2021-47235, CVE-2024-50265, CVE-2021-
Ubuntu
Linux kernel (FIPS) vulnerabilities
vendor_ubuntu·2025-04-09·CVSS 5.5
CVE-2024-50302 [MEDIUM] Linux kernel (FIPS) vulnerabilities
Title: Linux kernel (FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Drivers core;
- HID subsystem;
- Network drivers;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- File systems infrastructure;
- Ext4 file system;
- JFS file system;
- Network file system (NFS) client;
- Memory management;
- Network namespace;
- CAIF protocol;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Network traffic control;
(CVE-2025-21702, CVE-2024-53227, CVE-2024-46826, CVE-2024-49952,
CVE-2024-56600, CVE-2021-47235, CVE-2024-50265, CV
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-04-09·CVSS 7.1
CVE-2021-47119 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Demi Marie Obenour and Simon Gaiser discovered that several Xen
para-virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23041)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HID subsystem;
- Network drivers;
- Mellanox network drivers;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- File systems infrastructure;
- Ext4 file system;
- JFS file system;
- IP tun
Ubuntu
Linux kernel (FIPS) vulnerabilities
vendor_ubuntu·2025-04-09·CVSS 7.1
CVE-2021-47101 [HIGH] Linux kernel (FIPS) vulnerabilities
Title: Linux kernel (FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Demi Marie Obenour and Simon Gaiser discovered that several Xen
para-virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23041)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HID subsystem;
- Network drivers;
- Mellanox network drivers;
- SCSI subsystem;
- SuperH / SH-Mobile drivers;
- File systems infrastructure;
- Ext4 file system;
- JFS file system;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-04-07·CVSS 5.5
CVE-2024-57798 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- GPU drivers;
- HID subsystem;
- Media drivers;
- JFS file system;
- Network namespace;
- Networking core;
- Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recomp
Ubuntu
Linux kernel (NVIDIA) vulnerabilities
vendor_ubuntu·2025-04-04·CVSS 5.5
CVE-2024-53063 [MEDIUM] Linux kernel (NVIDIA) vulnerabilities
Title: Linux kernel (NVIDIA) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- GPU drivers;
- HID subsystem;
- Media drivers;
- JFS file system;
- Network namespace;
- Networking core;
- Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you
Ubuntu
Linux kernel (IoT) vulnerabilities
vendor_ubuntu·2025-04-03·CVSS 6.3
CVE-2024-50006 [MEDIUM] Linux kernel (IoT) vulnerabilities
Title: Linux kernel (IoT) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A loca
Ubuntu
Linux kernel (Real-time) vulnerabilities
vendor_ubuntu·2025-04-01·CVSS 5.5
CVE-2024-53140 [MEDIUM] Linux kernel (Real-time) vulnerabilities
Title: Linux kernel (Real-time) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- GPU drivers;
- HID subsystem;
- Media drivers;
- JFS file system;
- Network namespace;
- Networking core;
- Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires y
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2025-04-01·CVSS 5.5
CVE-2024-53183 [MEDIUM] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corre
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2025-04-01·CVSS 8.8
CVE-2024-49888 [HIGH] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rogue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-04-01·CVSS 5.5
CVE-2024-53140 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- GPU drivers;
- HID subsystem;
- Media drivers;
- JFS file system;
- Network namespace;
- Networking core;
- Netlink;
(CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598,
CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recomp
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities
vendor_ubuntu·2025-03-28
CVE-2024-50153 Linux kernel (Xilinx ZynqMP) vulnerabilities
Title: Linux kernel (Xilinx ZynqMP) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block lay
Ubuntu
Linux kernel (FIPS) vulnerabilities
vendor_ubuntu·2025-03-28·CVSS 5.5
CVE-2024-50006 [MEDIUM] Linux kernel (FIPS) vulnerabilities
Title: Linux kernel (FIPS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corr
Ubuntu
Linux kernel (NVIDIA Tegra) vulnerabilities
vendor_ubuntu·2025-03-28
CVE-2024-50153 Linux kernel (NVIDIA Tegra) vulnerabilities
Title: Linux kernel (NVIDIA Tegra) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block laye
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-27
CVE-2024-56724 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-05·CVSS 5.5
CVE-2023-52913 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
-
CISA
Linux Kernel Use of Uninitialized Resource Vulnerability
cisa·2025-03-04·CVSS 5.5
CVE-2024-50302 [MEDIUM] CWE-908 Linux Kernel Use of Uninitialized Resource Vulnerability
Vulnerability: Linux Kernel Use of Uninitialized Resource Vulnerability
Affected: Linux Kernel
The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-50302
Remedi
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-03-03·CVSS 5.5
CVE-2024-49973 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Ser
Android
CVE-2024-50302: HID
vendor_android·2025-03-01·CVSS 5.5
CVE-2024-50302 [MEDIUM] CVE-2024-50302: HID
Android Security Bulletin 2025-03-01
CVE: CVE-2024-50302
Severity: HIGH
Type: ID
Component: HID
References: A-380395346
Upstream kernel
[2]
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-28
CVE-2024-47738 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-28·CVSS 5.5
CVE-2024-50278 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Ser
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-27·CVSS 5.5
CVE-2024-50245 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-27·CVSS 4.7
CVE-2024-50006 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Ser
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-27·CVSS 7.8
CVE-2024-53103 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-26·CVSS 5.5
CVE-2024-50245 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-26·CVSS 6.3
CVE-2024-50006 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Ser
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-26·CVSS 7.8
CVE-2024-50245 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-26·CVSS 6.7
CVE-2024-50301 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- Infini
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-26
CVE-2024-50301 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBa
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-25·CVSS 5.5
CVE-2024-50154 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-25·CVSS 5.5
CVE-2024-50154 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-25·CVSS 5.5
CVE-2024-50154 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-24·CVSS 5.5
CVE-2024-50036 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-24·CVSS 5.5
CVE-2024-50036 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-19
CVE-2024-47738 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- RAM backed block device driver;
- Network block device driver;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bluetooth drivers;
- TPM device driver;
- Clock fr
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2025-02-19
CVE-2024-49996 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
-
Red Hat
kernel: HID: core: zero-initialize the report buffer
vendor_redhat·2024-11-19·CVSS 5.5
CVE-2024-50302 [MEDIUM] CWE-908 kernel: HID: core: zero-initialize the report buffer
kernel: HID: core: zero-initialize the report buffer
In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
A vulnerability was found in the Linux kernel's driver for Human Interface Devices. This flaw allows an attacker to use a malicious input device to read information from the report buffer. This could be used to leak kernel memory, enabling the exploitation of additional vulnerabilities.
Statement: While this vulnerability could lead to disclosure of kernel memory, the impact is rated Moderate because exploitation requir
Microsoft
HID: core: zero-initialize the report buffer
vendor_msrc·2024-11-12·CVSS 5.5
CVE-2024-50302 [MEDIUM] CWE-908 HID: core: zero-initialize the report buffer
HID: core: zero-initialize the report buffer
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.
Debian
CVE-2024-50302: linux - In the Linux kernel, the following vulnerability has been resolved: HID: core: ...
vendor_debian·2024·CVSS 5.5
CVE-2024-50302 [MEDIUM] CVE-2024-50302: linux - In the Linux kernel, the following vulnerability has been resolved: HID: core: ...
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
Scope: local
bookworm: resolved (fixed in 6.1.119-1)
bullseye: resolved (fixed in 5.10.234-1)
forky: resolved (fixed in 6.11.9-1)
sid: resolved (fixed in 6.11.9-1)
trixie: resolved (fixed in 6.11.9-1)
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Google fixes Android zero-days exploited in attacks, 60 other flaws
blogs_bleepingcomputer·2025-04-07·CVSS 5.5
CVE-2024-53197 [MEDIUM] Google fixes Android zero-days exploited in attacks, 60 other flaws
## Google fixes Android zero-days exploited in attacks, 60 other flaws
## Sergiu Gatlan
Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks.
One of the zero-days, a high-severity privilege escalation security vulnerability (CVE-2024-53197) in the Linux kernel's USB-audio driver for ALSA Devices, was reportedly exploited by Serbian authorities to unlock confiscated Android devices as part of a zero-day exploit chain developed by Israeli digital forensics company Cellebrite.
This exploit chain—which also included a USB Video Class zero-day (CVE-2024-53104) patched in February and a Human Interface Devices zero-day (CVE-2024-50302) patched last month—was discovered by Amnesty International's
Checkpoint
10th March – Threat Intelligence Report
blogs_checkpoint·2025-03-10
CVE-2025-22224 10th March – Threat Intelligence Report
## 10th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 10th March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The City of Mission, Texas, has declared a local state of emergency following a severe cybersecurity incident that threatens to expose protected personal information, health records, and other critical data managed by city departments. The emergency declaration was issued by Mayor Norie Gonzalez Garza on March 4, 2025, after
Bleepingcomputer
Google fixes Android zero-day exploited by Serbian authorities
blogs_bleepingcomputer·2025-03-04·CVSS 7.3
CVE-2024-50302 [HIGH] Google fixes Android zero-day exploited by Serbian authorities
## Google fixes Android zero-day exploited by Serbian authorities
## Sergiu Gatlan
Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days exploited in targeted attacks.
Serbian authorities have used one of the zero-days, a high-severity information disclosure security vulnerability (CVE-2024-50302) in the Linux kernel's driver for Human Interface Devices, to unlock confiscated devices.
The flaw was reportedly exploited as part of an Android zero-day exploit chain developed by Israeli digital forensics company Cellebrite to unlock confiscated devices.
The exploit chain—which also includes a USB Video Class zero-day (CVE-2024-53104) patched last month and an ALSA USB-sound driver zero-day—was found by Amnesty International'
https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf
https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552
https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b
https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5
https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648
https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191
https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46
https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-355557.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302
Published: 2024-11-19
Added to CISA KEV: 2025-03-04
Exploited in the wild