Vulnerability detail
Enriched intelligence for a single CVE
Medium
CVE-2024-50302
PUBLISHEDHID: core: zero-initialize the report buffer
- Vendor
- Linux
- Product
- Linux
- Published
- Nov 19, 2024
- EPSS
- —
Description
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitation status
Exploited in the wild
Recorded 2025-03-04 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- partial
References
- https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
- https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5
- https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46
- https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf
- https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b
- https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191
- https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648
- https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Mar 04, 2025 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nessus | https://www.tenable.com/plugins/nessus/237432 | Jun 02, 2025 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nessus