CVE-2024-50302

{"id": "CVE-2024-50302", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-11-19T02:16:32.320", "references": [{"url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "tags": ["Third Party Advisory"], "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html", "tags": ["Third Party Advisory"], "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-908"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: n\u00facleo: inicializar en cero el b\u00fafer de informes Dado que el b\u00fafer de informes es utilizado por todo tipo de controladores de diversas formas, vamos a inicializarlo en cero durante la asignaci\u00f3n para asegurarnos de que nunca pueda usarse para filtrar memoria del kernel a trav\u00e9s de un informe especialmente manipulado."}], "lastModified": "2026-05-12T18:47:16.597", "cisaActionDue": "2025-03-25", "cisaExploitAdd": "2025-03-04", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6C0262-1527-4F55-8BDE-973F59FE7E1B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_tm_mfp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "754051AB-27D3-41CA-B2C8-79BAD48C8750"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinec_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA64F29A-AD82-4C61-BA69-AC9ABF9CFEF5", "versionEndExcluding": "3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:ruggedcom_rst2428p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5162CF70-42A4-4CBD-BE7E-17526719138A"}, {"criteria": "cpe:2.3:h:siemens:scalance_xc316-8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D5A0BBD2-432C-4C37-A371-EC11A00D52D8"}, {"criteria": "cpe:2.3:h:siemens:scalance_xc319-4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7BBF5B37-DC44-42A1-A2D1-3D3BBE31BEEC"}, {"criteria": "cpe:2.3:h:siemens:scalance_xc324-4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "76572367-5EDD-438E-9682-25C243014840"}, {"criteria": "cpe:2.3:h:siemens:scalance_xc324-4eec:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4C044CD-DA0B-4010-BABC-83C5FB9856D8"}, {"criteria": "cpe:2.3:h:siemens:scalance_xc332:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B320F7CF-B10C-45EB-9C90-929D1559F2BF"}, {"criteria": "cpe:2.3:h:siemens:scalance_xc416-8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C6AE4732-7607-400A-A91E-6DF461D87960"}, {"criteria": "cpe:2.3:h:siemens:scalance_xc419-4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0FCDCCBC-DAEF-4068-AEE7-05C94E681A32"}, {"criteria": "cpe:2.3:h:siemens:scalance_xc424-4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5CEC02B5-FCB5-4A84-8525-6554924C2F92"}, {"criteria": "cpe:2.3:h:siemens:scalance_xc432:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "26F3FFB6-C652-4A86-B335-99E135A1E46F"}, {"criteria": "cpe:2.3:h:siemens:scalance_xch328:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "782C249B-9E3A-4434-85D6-1F69A038D829"}, {"criteria": "cpe:2.3:h:siemens:scalance_xcm324:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "136D0CA3-725F-4D2F-9CC8-50900A6B34C8"}, {"criteria": "cpe:2.3:h:siemens:scalance_xcm328:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2EC8600-BA60-4924-B884-AFAA2479148F"}, {"criteria": "cpe:2.3:h:siemens:scalance_xcm332:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05A09417-83A6-42AC-A89E-DEFDC942DA39"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr302-32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A9466814-A230-4AC9-AB45-0E239AC6D835"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr322-12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D120370-64EE-4BA5-AE3D-0DC4BB981935"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr326-8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D6361663-6D4A-408D-B3CD-694988C95AB5"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr326-8eec:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16FFF08F-677B-448A-82E1-E76707D9E6F1"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr502-32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A037C08-0764-452D-A821-8948164C480A"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr522-12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "467779F9-C715-402E-9A5B-80015424B129"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0E6B7D8-3F9E-43D6-AEFE-DEE3993679C5"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr524-8wg:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE3879F0-02AB-4ABE-9753-BED7BA46965A"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr526-8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9ECC2EEE-B583-45E0-AEAC-B1225CEBAA30"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67661569-6233-4C74-9C72-88BD14B257FE"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E048C4A-A414-4C87-A865-4D4218AE32EE"}, {"criteria": "cpe:2.3:h:siemens:scalance_xr552-12m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4A806691-3F4B-46AA-9718-2F6BF0FD3D7A"}, {"criteria": "cpe:2.3:h:siemens:scalance_xrh334:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06FA1667-965A-4119-A519-F9119B5358DF"}, {"criteria": "cpe:2.3:h:siemens:scalance_xrm334:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C5FC3042-0224-45AE-B516-7934EF15DCC8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D982986-F7AE-4B56-8E3E-D34CE2B7AF38", "versionEndExcluding": "4.19.324", "versionStartIncluding": "3.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9952C897-8A61-4D4B-9D6D-7D063E9EA15E", "versionEndExcluding": "5.4.286", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF5B32D0-72C9-41C3-A0BB-D4946153C134", "versionEndExcluding": "5.10.230", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1", "versionEndExcluding": "5.15.172", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E", "versionEndExcluding": "6.1.117", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3", "versionEndExcluding": "6.6.61", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95", "versionEndExcluding": "6.11.8", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Linux Kernel Use of Uninitialized Resource Vulnerability"}