Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't ever be used to leak kernel memory via a specially-crafted report.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | - | |
| Debian | Debian Linux | 11.0 |
| Siemens | Simatic S7-1500 Tm Mfp Firmware | - |
| Siemens | Simatic S7-1500 Tm Mfp | - |
| Siemens | Sinec Os | < 3.2 |
| Siemens | Ruggedcom Rst2428P | - |
| Siemens | Scalance Xc316-8 | - |
| Siemens | Scalance Xc319-4 | - |
| Siemens | Scalance Xc324-4 | - |
| Siemens | Scalance Xc324-4Eec | - |
| Siemens | Scalance Xc332 | - |
| Siemens | Scalance Xc416-8 | - |
| Siemens | Scalance Xc419-4 | - |
| Siemens | Scalance Xc424-4 | - |
| Siemens | Scalance Xc432 | - |
| Siemens | Scalance Xch328 | - |
| Siemens | Scalance Xcm324 | - |
| Siemens | Scalance Xcm328 | - |
| Siemens | Scalance Xcm332 | - |
| Siemens | Scalance Xr302-32 | - |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf (Patch)
- https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552 (Patch)
- https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b (Patch)
- https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5 (Patch)
- https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648 (Patch)
- https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191 (Patch)
- https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 (Patch)
- https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 (Patch)
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html (Mailing List)
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html (Mailing List)
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html (Third Party Advisory)
- https://cert-portal.siemens.com/productcert/html/ssa-355557.html (Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024- (US Government Resource)
FAQ
What is CVE-2024-50302?
CVE-2024-50302 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-i...
How severe is CVE-2024-50302?
CVE-2024-50302 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-50302?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Debian Debian Linux, Siemens Simatic S7-1500 Tm Mfp Firmware, Siemens Simatic S7-1500 Tm Mfp, Siemens Sinec Os.