March 4, 2025 · Applied Cybernetics Group
CVE-2024-50302 — Linux Kernel
Linux Kernel Use of Uninitialized Resource Vulnerability
- Added to KEV
2025-03-04- Federal due date
2025-03-25- Vendor
- Linux
- Product
- Kernel
- EPSS
- 85.8th percentile (score 0.026, as of
2026-06-08) - NVD CVSS v3.1
- 5.5 (MEDIUM)
- Ransomware use
- Unknown
- Upstream
- https://nvd.nist.gov/vuln/detail/CVE-2024-50302
CISA short description
The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
NVD description
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.