CVE-2024-50302
MEDIUM KEVGoogle Android < 4.19.324 - Use of Uninitialized Resource
Title source: ruleDescription
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
References (11)
Scores
CVSS v3
5.5
EPSS
0.0170
EPSS Percentile
82.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CISA KEV
2025-03-04
VulnCheck KEV
2024-11-07
InTheWild.io
2024-10-29
ENISA EUVD
EUVD-2024-44804
CWE
CWE-908
Status
published
Products (11)
debian/debian_linux
11.0
google/android
linux/Kernel
3.12.0 - 4.19.324linux
linux/Kernel
4.20.0 - 5.4.286linux
linux/Kernel
5.11.0 - 5.15.172linux
linux/Kernel
5.16.0 - 6.1.117linux
linux/Kernel
5.5.0 - 5.10.230linux
linux/Kernel
6.2.0 - 6.6.61linux
linux/Kernel
6.7.0 - 6.11.8linux
linux/linux_kernel
6.12 rc1 (6 CPE variants)
... and 1 more
Published
Nov 19, 2024
KEV Added
Mar 04, 2025
Tracked Since
Feb 18, 2026