CVE-2024-50302

Public on 2024-11-19
Modified on 2025-03-04
Description

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

Severity
Low
See what this means
CVSS v3 Base Score
3.3
See breakdown

Affected Packages

Platform Package Release Date Advisory
HAQM Linux 2 - Core kernel 2025-03-25 ALAS2-2025-2800
HAQM Linux 2 - Kernel-5.10 Extra kernel 2025-01-24 ALAS2KERNEL-5.10-2025-078
HAQM Linux 2 - Kernel-5.15 Extra kernel 2025-01-10 ALAS2KERNEL-5.15-2025-060
HAQM Linux 2 - Kernel-5.4 Extra kernel 2025-01-24 ALAS2KERNEL-5.4-2025-090
HAQM Linux 2023 kernel 2025-01-24 ALAS2023-2025-802

CVSS Scores

Score Type Score Vector
HAQM Linux CVSSv3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2024-50302 Mitre: CVE-2024-50302 FAQs regarding HAQM Linux ALAS/CVE Severity