CVE-2024-50302

| CVE Published | 2024-11-19 |
|---|---|
| Related CWE(s) | CWE-908: Use of Uninitialized Resource |
| Related Vendor(s) | linux |
| Related Product(s) | linux_kernel |
| Exploitation Reported (CISA KEV) | 2025-03-04 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |

In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.