CVE-2024-50302
MEDIUM
5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0132
Percentile
0,8th
Updated
EPSS Score Trend (Last 90 Days)
908
Use of Uninitialized Resource
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Availability
Potential Impacts:
Read Memory
Read Application Data
Dos: Crash, Exit, Or Restart
Applicable Platforms
All platforms may be affected
Operating System
Linux Kernel by Linux
Version Range Affected
From
6.7
(inclusive)
To
6.11.8
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
5.16
(inclusive)
To
6.1.117
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
6.2
(inclusive)
To
6.6.61
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
3.12
(inclusive)
To
4.19.324
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
5.11
(inclusive)
To
5.15.172
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
4.20
(inclusive)
To
5.4.286
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
5.5
(inclusive)
To
5.10.230
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Android by Google
CPE Identifier
View Detailed Analysis
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024…
https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf
https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552
https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b
https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5
https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648
https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191
https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46
https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html