5.5

CVE-2024-50302

Warning

HID: core: zero-initialize the report buffer

In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
Data provided by the National Vulnerability Database (NVD)
Google Android Version -
Debian Debian Linux Version 11.0
Siemens Sinec Os Version < 3.2
   Siemens Ruggedcom Rst2428p Version -
   Siemens Scalance Xc316-8 Version -
   Siemens Scalance Xc319-4 Version -
   Siemens Scalance Xc324-4 Version -
   Siemens Scalance Xc324-4eec Version -
   Siemens Scalance Xc332 Version -
   Siemens Scalance Xc416-8 Version -
   Siemens Scalance Xc419-4 Version -
   Siemens Scalance Xc424-4 Version -
   Siemens Scalance Xc432 Version -
   Siemens Scalance Xch328 Version -
   Siemens Scalance Xcm324 Version -
   Siemens Scalance Xcm328 Version -
   Siemens Scalance Xcm332 Version -
   Siemens Scalance Xr302-32 Version -
   Siemens Scalance Xr322-12 Version -
   Siemens Scalance Xr326-8 Version -
   Siemens Scalance Xr326-8eec Version -
   Siemens Scalance Xr502-32 Version -
   Siemens Scalance Xr522-12 Version -
   Siemens Scalance Xr524-8c Version -
   Siemens Scalance Xr524-8wg Version -
   Siemens Scalance Xr526-8 Version -
   Siemens Scalance Xr526-8c Version -
   Siemens Scalance Xr528-6m Version -
   Siemens Scalance Xr552-12m Version -
   Siemens Scalance Xrh334 Version -
   Siemens Scalance Xrm334 Version -
Linux Linux Kernel Version >= 3.12 < 4.19.324
Linux Linux Kernel Version >= 4.20 < 5.4.286
Linux Linux Kernel Version >= 5.5 < 5.10.230
Linux Linux Kernel Version >= 5.11 < 5.15.172
Linux Linux Kernel Version >= 5.16 < 6.1.117
Linux Linux Kernel Version >= 6.2 < 6.6.61
Linux Linux Kernel Version >= 6.7 < 6.11.8
Linux Linux Kernel Version 6.12 Update rc1
Linux Linux Kernel Version 6.12 Update rc2
Linux Linux Kernel Version 6.12 Update rc3
Linux Linux Kernel Version 6.12 Update rc4
Linux Linux Kernel Version 6.12 Update rc5
Linux Linux Kernel Version 6.12 Update rc6

04.03.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Linux Kernel Use of Uninitialized Resource Vulnerability

Description: The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.

Required actions: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 1.74% 0.827

CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.