CVE-2024-50302

ENISA EUVD: EUVD-2024-44804 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 6 articles Published: 2024-11-19

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

2.78%

probability

This CVE has a 2.78% probability of being exploited in the next 30 days.

0% Top 86.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

5.5

MEDIUM

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

VulnerabilityLookup (CNA)

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

Affected Products

Linux

27ce405039bfe6d3f4143415c638f56a3df77dca 27ce405039bfe6d3f4143415c638f56a3df77dca 27ce405039bfe6d3f4143415c638f56a3df77dca 27ce405039bfe6d3f4143415c638f56a3df77dca 27ce405039bfe6d3f4143415c638f56a3df77dca 27ce405039bfe6d3f4143415c638f56a3df77dca

Linux

3.12 0 4.19.324 5.4.286 5.10.230 5.15.172

google

android

debian

debian linux

siemens

simatic s7-1500 tm mfp firmware

siemens

sinec os

linux

linux kernel

Linux

patch: 5.10.230

Linux

27ce405039bfe6d3f4143415c638f56a3df77dca <05ade5d4337867929e7ef664e7ac8e0c734f1aaf

Linux

patch: 0

Linux

b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7

Linux

27ce405039bfe6d3f4143415c638f56a3df77dca <492015e6249fbcd42138b49de3c588d826dd9648

Linux

patch: 5.4.286

Linux

3.12

Linux

patch: 6.11.8

Linux

patch: 6.6.61

Linux

27ce405039bfe6d3f4143415c638f56a3df77dca <1884ab3d22536a5c14b17c78c2ce76d1734e8b0b

Linux

27ce405039bfe6d3f4143415c638f56a3df77dca <9d9f5c75c0c7f31766ec27d90f7a6ac673193191

Linux

fe6c9b48ebc920ff21c10c50ab2729440c734254

Linux

patch: 6.12

Linux

27ce405039bfe6d3f4143415c638f56a3df77dca <177f25d1292c7e16e1199b39c85480f7f8815552

Linux

patch: 5.15.172

Linux

27ce405039bfe6d3f4143415c638f56a3df77dca <d7dc68d82ab3fcfc3f65322465da3d7031d4ab46

Linux

patch: 6.1.117

Linux

patch: 4.19.324

Linux

27ce405039bfe6d3f4143415c638f56a3df77dca <e7ea60184e1e88a3c9e437b3265cbb6439aa7e26

Linux

27ce405039bfe6d3f4143415c638f56a3df77dca <3f9e88f2672c4635960570ee9741778d4135ecf5

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-665 · Improper Initialization CWE-908 · Use of Uninitialized Resource

Google Project Zero

Discovered

Oct. 29, 2024

Patched

March 1, 2025

Reported by

Benoît Sevens of Google's Threat Analysis Group

Root Cause Analysis

???

https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26

https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5

https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46

https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf

https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b

https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191

Signal Intelligence

Confidenceⓘ

75%

EPSS 2.78%

CVSS v3.1 5.5

Mentions 6

Last Seen May 05, 2026

CNA Information

CNA Assigner

Linux

CNA Title

HID: core: zero-initialize the report buffer

Analyst Note

This CVE addresses a kernel memory disclosure vulnerability in HID report buffer handling with a MEDIUM CVSS score (5.5). Confirmation is supported by its presence in Google Project Zero's vulnerability tracking and multiple security publications, though it lacks CISA KEV listing and the available articles appear tangentially related rather than directly focused on this specific CVE.