Medium severity5.5CISA KEVNVD Advisory· Published Nov 19, 2024· Updated May 12, 2026

CVE-2024-50302

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

Affected products

Linux/Linuxv5
Range: 3.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvdThird Party Advisory
cert-portal.siemens.com/productcert/html/ssa-355557.htmlnvdThird Party Advisory
lists.debian.org/debian-lts-announce/2025/01/msg00001.htmlnvdMailing List
lists.debian.org/debian-lts-announce/2025/03/msg00002.htmlnvdMailing List
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

Critical Remote Code Execution Vulnerability Patched in Android
SecurityWeek · May 5, 2026

Severity

MediumCVSS v3.1

5.5/ 10

Attack vector: Local
Complexity: Low
Privileges: Low
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Probability of exploitation in the next 30 days.

1.74%

VYPR risk score

Composite of severity, exploitation, and reach.

0.48medium

cvss	0.358
epss	0.001
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000

Weaknesses

CWE-908
Use of Uninitialized Resource

CVE ID

CVE-2024-50302