CVE-2024-50302: Linux Kernel Use of Uninitialized Resource Vulnerability

Published Nov 19, 2024

HID: core: zero-initialize the report buffer

Other sources

The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.

CISA


Affected Software

55 affected components
Fixes available
Linux Kernel
debian/linux <=5.10.223-1
5.10.234-1, 6.1.129-1, 6.1.135-1, 6.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
Google Android
Microsoft azl3 kernel 6.6.57.1-7
Microsoft cbl2 kernel 5.15.167.1-2
Microsoft azl3 kernel 6.6.64.2-1
Microsoft cbl2 kernel 5.15.173.1-1
Debian Debian Linux =11.0
Linux Linux kernel >=3.12 <4.19.324
Linux Linux kernel >=4.20 <5.4.286
Linux Linux kernel >=5.5 <5.10.230
Linux Linux kernel >=5.11 <5.15.172
Linux Linux kernel >=5.16 <6.1.117
Linux Linux kernel >=6.2 <6.6.61
Linux Linux kernel >=6.7 <6.11.8
Linux Linux kernel =6.12-rc1
Linux Linux kernel =6.12-rc2
Linux Linux kernel =6.12-rc3
Linux Linux kernel =6.12-rc4
Linux Linux kernel =6.12-rc5
Linux Linux kernel =6.12-rc6
All of the following
Siemens Simatic S7-1500 Tm Mfp Firmware
Siemens Simatic S7-1500 Tm Mfp
All of the following
Siemens Sinec Os <3.2
Any of the following
Siemens Ruggedcom Rst2428p
Siemens SCALANCE XC316-8
Siemens Scalance Xc319-4
Siemens SCALANCE XC324-4
Siemens Scalance Xc324-4eec
Siemens SCALANCE XC332
Siemens SCALANCE XC416-8
Siemens Scalance Xc419-4
Siemens SCALANCE XC424-4
Siemens SCALANCE XC432
Siemens SCALANCE XCH328
Siemens SCALANCE XCM324
Siemens SCALANCE XCM328
Siemens SCALANCE XCM332
Siemens SCALANCE XR302-32
Siemens SCALANCE XR322-12
Siemens SCALANCE XR326-8
Siemens Scalance Xr326-8eec
Siemens SCALANCE XR502-32
Siemens SCALANCE XR522-12
Siemens Scalance Xr524-8c
Siemens Scalance Xr524-8wg
Siemens SCALANCE XR526-8
Siemens Scalance Xr526-8c
Siemens Scalance Xr528-6m
Siemens Scalance Xr552-12m
Siemens SCALANCE XRH334
Siemens SCALANCE XRM334

Event History

Dec 4, 2023, 06:01 AM: News Published
Dec 18, 2023, 02:25 AM: News Published
Jan 15, 2024, 03:34 PM: News Published
Apr 29, 2024, 02:29 AM: News Published
May 6, 2024, 02:30 AM: News Published
May 13, 2024, 02:21 AM: News Published
Jun 3, 2024, 12:02 PM: News Published
Jul 1, 2024, 03:35 AM: News Published
Jul 22, 2024, 03:44 AM: News Published
Sep 30, 2024, 03:02 AM: News Published
Nov 11, 2024, 03:28 AM: News Published
Nov 19, 2024, 01:30 AM: CVE Published via MITRE
Nov 19, 2024, 01:30 AM: Data Sourced via MITRE (Description)
Nov 19, 2024, 02:01 AM: Data Sourced via Red Hat (Description, Severity, Affected Software)
Nov 19, 2024, 02:16 AM: Data Sourced via NVD (Remedy, Description, Severity, Weakness, Affected Software)
Dec 12, 2024, 08:00 AM: Data Sourced via Microsoft (Description, Severity, Weakness)
Dec 12, 2024, 08:00 AM: Data Sourced via Microsoft (Affected Software)
Dec 12, 2024, 08:00 AM: Updated via Microsoft (Affected Software)
Dec 12, 2024, 08:00 AM: Updated via Microsoft (Severity, Affected Software)
Dec 12, 2024, 08:00 AM: Updated via Microsoft (Description)
Feb 10, 2025, 02:30 AM: News Published
Feb 20, 2025, 12:50 AM: Data Sourced via Launchpad (Description)
Feb 28, 2025, 04:27 PM: News Published via BleepingComputer
Feb 28, 2025, 04:28 PM: News Published via BleepingComputer
Mar 3, 2025, 12:00 AM: Data Sourced via Android (Severity, Weakness, Affected Software)
Mar 3, 2025, 03:31 AM: News Published
Mar 4, 2025, 12:00 AM: Known Exploited via CISA
Mar 4, 2025, 11:38 AM: News Published via BleepingComputer
Mar 12, 2025, 01:24 AM: News Published via The Register
Mar 12, 2025, 01:29 AM: News Published via The Register
Apr 7, 2025, 05:55 PM: News Published via BleepingComputer
Apr 29, 2025, 01:09 AM: Data Sourced via Ubuntu (Remedy, Description, Severity, Affected Software)
Sep 8, 2025, 11:46 AM: News Published via The Register


Frequently Asked Questions

1. What is the severity of CVE-2024-50302?

CVE-2024-50302 has been classified as a vulnerability that could potentially lead to information leakage.

2. How do I fix CVE-2024-50302?

To mitigate CVE-2024-50302, update the Linux kernel to a version that has addressed this vulnerability.

3. What versions of the Linux kernel are affected by CVE-2024-50302?

CVE-2024-50302 affects multiple versions of the Linux kernel from 3.12 up to 6.12-rc6.

4. What components are impacted by CVE-2024-50302?

CVE-2024-50302 impacts the input HID subsystem of the Linux kernel, particularly around the report buffer.

5. Is CVE-2024-50302 exploitable remotely?

CVE-2024-50302 is not directly stated as being exploitable remotely, but it poses a risk of local information leakage.
