{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50302", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T19:36:19.987Z", "datePublished": "2024-11-19T01:30:51.300Z", "dateUpdated": "2025-03-05T04:55:25.599Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:37:46.944Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-core.c"], "versions": [{"version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "e7ea60184e1e88a3c9e437b3265cbb6439aa7e26", "status": "affected", "versionType": "git"}, {"version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "3f9e88f2672c4635960570ee9741778d4135ecf5", "status": "affected", "versionType": "git"}, {"version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "d7dc68d82ab3fcfc3f65322465da3d7031d4ab46", "status": "affected", "versionType": "git"}, {"version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "05ade5d4337867929e7ef664e7ac8e0c734f1aaf", "status": "affected", "versionType": "git"}, {"version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "1884ab3d22536a5c14b17c78c2ce76d1734e8b0b", "status": "affected", "versionType": "git"}, {"version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "9d9f5c75c0c7f31766ec27d90f7a6ac673193191", "status": "affected", "versionType": "git"}, {"version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "492015e6249fbcd42138b49de3c588d826dd9648", "status": "affected", "versionType": "git"}, {"version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "177f25d1292c7e16e1199b39c85480f7f8815552", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-core.c"], "versions": [{"version": "3.12", "status": "affected"}, {"version": "0", "lessThan": "3.12", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.324", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.286", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.230", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.172", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.117", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.61", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.8", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26"}, {"url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5"}, {"url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46"}, {"url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf"}, {"url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b"}, {"url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191"}, {"url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648"}, {"url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552"}], "title": "HID: core: zero-initialize the report buffer", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T00:00:00+00:00", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-50302"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2025-03-04", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource"}]}], "timeline": [{"time": "2025-03-04T00:00:00+00:00", "lang": "en", "value": "CVE-2024-50302 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T04:55:25.599Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-50302", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-04T18:07:23.091483Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2025-03-04", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "timeline": [{"lang": "en", "time": "2025-03-04T00:00:00+00:00", "value": "CVE-2024-50302 added to CISA KEV"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T13:53:13.662Z"}}], "cna": {"title": "HID: core: zero-initialize the report buffer", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "e7ea60184e1e88a3c9e437b3265cbb6439aa7e26", "versionType": "git"}, {"status": "affected", "version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "3f9e88f2672c4635960570ee9741778d4135ecf5", "versionType": "git"}, {"status": "affected", "version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "d7dc68d82ab3fcfc3f65322465da3d7031d4ab46", "versionType": "git"}, {"status": "affected", "version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "05ade5d4337867929e7ef664e7ac8e0c734f1aaf", "versionType": "git"}, {"status": "affected", "version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "1884ab3d22536a5c14b17c78c2ce76d1734e8b0b", "versionType": "git"}, {"status": "affected", "version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "9d9f5c75c0c7f31766ec27d90f7a6ac673193191", "versionType": "git"}, {"status": "affected", "version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "492015e6249fbcd42138b49de3c588d826dd9648", "versionType": "git"}, {"status": "affected", "version": "27ce405039bfe6d3f4143415c638f56a3df77dca", "lessThan": "177f25d1292c7e16e1199b39c85480f7f8815552", "versionType": "git"}], "programFiles": ["drivers/hid/hid-core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.12"}, {"status": "unaffected", "version": "0", "lessThan": "3.12", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.324", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.286", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.230", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.172", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.117", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.61", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.11.8", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/hid/hid-core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26"}, {"url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5"}, {"url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46"}, {"url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf"}, {"url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b"}, {"url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191"}, {"url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648"}, {"url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:37:46.944Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50302", "state": "PUBLISHED", "dateUpdated": "2025-03-05T04:55:25.599Z", "dateReserved": "2024-10-21T19:36:19.987Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-11-19T01:30:51.300Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cisaActionDue": "2025-03-25", "cisaExploitAdd": "2025-03-04", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Linux Kernel Use of Uninitialized Resource Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D982986-F7AE-4B56-8E3E-D34CE2B7AF38", "versionEndExcluding": "4.19.324", "versionStartIncluding": "3.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9952C897-8A61-4D4B-9D6D-7D063E9EA15E", "versionEndExcluding": "5.4.286", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF5B32D0-72C9-41C3-A0BB-D4946153C134", "versionEndExcluding": "5.10.230", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1", "versionEndExcluding": "5.15.172", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E", "versionEndExcluding": "6.1.117", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3", "versionEndExcluding": "6.6.61", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95", "versionEndExcluding": "6.11.8", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: n\u00facleo: inicializar en cero el b\u00fafer de informes Dado que el b\u00fafer de informes es utilizado por todo tipo de controladores de diversas formas, vamos a inicializarlo en cero durante la asignaci\u00f3n para asegurarnos de que nunca pueda usarse para filtrar memoria del kernel a trav\u00e9s de un informe especialmente manipulado."}], "id": "CVE-2024-50302", "lastModified": "2025-03-05T02:00:02.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-19T02:16:32.320", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-908"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:2517", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "kernel-0:2.6.32-754.56.1.el6", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2514", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "kernel-0:3.10.0-1062.93.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2510", "cpe": "cpe:/a:redhat:rhel_extras_rt_els:7", "package": "kernel-rt-0:3.10.0-1160.133.1.rt56.1285.el7", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2501", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "kernel-0:3.10.0-1160.133.1.el7", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2474", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.44.1.rt7.385.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2473", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.44.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2646", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "kernel-0:4.18.0-193.146.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2528", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "kernel-0:4.18.0-305.151.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2524", "cpe": "cpe:/a:redhat:rhel_tus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.151.1.rt7.228.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2528", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "kernel-0:4.18.0-305.151.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2528", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "kernel-0:4.18.0-305.151.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2489", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.141.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2489", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.141.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2489", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.141.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2525", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.93.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2627", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.31.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2627", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.31.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2488", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.125.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2512", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.125.1.rt21.197.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2475", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.108.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2476", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.108.1.rt14.393.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2490", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.59.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2449", "cpe": "cpe:/a:redhat:openshift:4.18::el9", "package": "rhcos-418.94.202503061016-0", "product_name": "Red Hat OpenShift Container Platform 4.18", "release_date": "2025-03-11T00:00:00Z"}], "bugzilla": {"description": "kernel: HID: core: zero-initialize the report buffer", "id": "2327169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327169"}, "csaw": true, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-908", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nHID: core: zero-initialize the report buffer\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report.", "A vulnerability was found in the Linux kernel's driver for Human Interface Devices. This flaw allows an attacker to use a malicious input device to read information from the report buffer. This could be used to leak kernel memory, enabling the exploitation of additional vulnerabilities."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-50302", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-11-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50302\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50302\nhttps://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/T\nhttps://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "While this vulnerability could lead to disclosure of kernel memory, the impact is rated Moderate because exploitation requires bypassing additional security features such as kernel address-space layout randomization (KASLR). It could be exploited by an authenticated, local attacker who emulates a malicious Human Interface Device (HID).", "threat_severity": "Moderate"}