CVE-2024-50302

Summary

In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux27ce405039bfe6d3f4143415c638f56a3df77dca < e7ea60184e1e88a3c9e437b3265cbb6439aa7e26affected
LinuxLinux27ce405039bfe6d3f4143415c638f56a3df77dca < 3f9e88f2672c4635960570ee9741778d4135ecf5affected
LinuxLinux27ce405039bfe6d3f4143415c638f56a3df77dca < d7dc68d82ab3fcfc3f65322465da3d7031d4ab46affected
LinuxLinux27ce405039bfe6d3f4143415c638f56a3df77dca < 05ade5d4337867929e7ef664e7ac8e0c734f1aafaffected
LinuxLinux27ce405039bfe6d3f4143415c638f56a3df77dca < 1884ab3d22536a5c14b17c78c2ce76d1734e8b0baffected
LinuxLinux27ce405039bfe6d3f4143415c638f56a3df77dca < 9d9f5c75c0c7f31766ec27d90f7a6ac673193191affected
LinuxLinux27ce405039bfe6d3f4143415c638f56a3df77dca < 492015e6249fbcd42138b49de3c588d826dd9648affected
LinuxLinux27ce405039bfe6d3f4143415c638f56a3df77dca < 177f25d1292c7e16e1199b39c85480f7f8815552affected
LinuxLinuxb2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7affected
LinuxLinuxfe6c9b48ebc920ff21c10c50ab2729440c734254affected
LinuxLinux3.10.16 < 3.11affected
LinuxLinux3.11.5 < 3.12affected
LinuxLinux3.12affected
LinuxLinux0 < 3.12unaffected
LinuxLinux4.19.324 <= 4.19.*unaffected
LinuxLinux5.4.286 <= 5.4.*unaffected
LinuxLinux5.10.230 <= 5.10.*unaffected
LinuxLinux5.15.172 <= 5.15.*unaffected
LinuxLinux6.1.117 <= 6.1.*unaffected
LinuxLinux6.6.61 <= 6.6.*unaffected
LinuxLinux6.11.8 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: partial

Additional References

CVE Program Container

Additional References

Additional References

References