Bug 2327169 (CVE-2024-50302) - CVE-2024-50302 kernel: HID: core: zero-initialize the report buffer
Summary: CVE-2024-50302 kernel: HID: core: zero-initialize the report buffer
Keywords:
Status: NEW
Alias: CVE-2024-50302
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2327251
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-11-19 02:01 UTC by OSIDB Bzimport
Modified: 2025-05-01 19:59 UTC (History)
9 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:2478 0 None None None 2025-03-10 04:27:32 UTC
Red Hat Product Errata RHBA-2025:2523 0 None None None 2025-03-10 15:21:18 UTC
Red Hat Product Errata RHBA-2025:2589 0 None None None 2025-03-11 00:01:57 UTC
Red Hat Product Errata RHBA-2025:2689 0 None None None 2025-03-12 15:56:22 UTC
Red Hat Product Errata RHBA-2025:2750 0 None None None 2025-03-13 13:35:24 UTC
Red Hat Product Errata RHBA-2025:2751 0 None None None 2025-03-13 13:15:25 UTC
Red Hat Product Errata RHBA-2025:2752 0 None None None 2025-03-13 13:41:32 UTC
Red Hat Product Errata RHBA-2025:2779 0 None None None 2025-03-13 14:18:51 UTC
Red Hat Product Errata RHBA-2025:2781 0 None None None 2025-03-13 14:11:49 UTC
Red Hat Product Errata RHBA-2025:2782 0 None None None 2025-03-13 14:17:44 UTC
Red Hat Product Errata RHBA-2025:2783 0 None None None 2025-03-13 14:16:49 UTC
Red Hat Product Errata RHBA-2025:2815 0 None None None 2025-03-13 18:55:22 UTC
Red Hat Product Errata RHBA-2025:3020 0 None None None 2025-03-18 21:39:08 UTC
Red Hat Product Errata RHSA-2025:2441 0 None None None 2025-03-13 16:30:03 UTC
Red Hat Product Errata RHSA-2025:2445 0 None None None 2025-03-12 17:40:02 UTC
Red Hat Product Errata RHSA-2025:2449 0 None None None 2025-03-11 02:08:23 UTC
Red Hat Product Errata RHSA-2025:2454 0 None None None 2025-03-13 05:47:11 UTC
Red Hat Product Errata RHSA-2025:2473 0 None None None 2025-03-10 01:31:06 UTC
Red Hat Product Errata RHSA-2025:2474 0 None None None 2025-03-10 01:24:52 UTC
Red Hat Product Errata RHSA-2025:2475 0 None None None 2025-03-10 03:25:19 UTC
Red Hat Product Errata RHSA-2025:2476 0 None None None 2025-03-10 03:17:27 UTC
Red Hat Product Errata RHSA-2025:2488 0 None None None 2025-03-10 08:34:44 UTC
Red Hat Product Errata RHSA-2025:2489 0 None None None 2025-03-10 08:51:07 UTC
Red Hat Product Errata RHSA-2025:2490 0 None None None 2025-03-10 10:43:53 UTC
Red Hat Product Errata RHSA-2025:2501 0 None None None 2025-03-10 12:38:33 UTC
Red Hat Product Errata RHSA-2025:2510 0 None None None 2025-03-10 13:17:11 UTC
Red Hat Product Errata RHSA-2025:2512 0 None None None 2025-03-10 13:58:25 UTC
Red Hat Product Errata RHSA-2025:2514 0 None None None 2025-03-10 14:13:28 UTC
Red Hat Product Errata RHSA-2025:2517 0 None None None 2025-03-10 14:32:01 UTC
Red Hat Product Errata RHSA-2025:2524 0 None None None 2025-03-10 15:20:39 UTC
Red Hat Product Errata RHSA-2025:2525 0 None None None 2025-03-10 15:40:02 UTC
Red Hat Product Errata RHSA-2025:2528 0 None None None 2025-03-10 16:00:55 UTC
Red Hat Product Errata RHSA-2025:2627 0 None None None 2025-03-11 06:34:46 UTC
Red Hat Product Errata RHSA-2025:2646 0 None None None 2025-03-11 08:55:49 UTC
Red Hat Product Errata RHSA-2025:2701 0 None None None 2025-03-20 07:01:46 UTC
Red Hat Product Errata RHSA-2025:2710 0 None None None 2025-03-19 20:54:59 UTC
Red Hat Product Errata RHSA-2025:3301 0 None None None 2025-04-03 00:21:40 UTC

Description OSIDB Bzimport 2024-11-19 02:01:23 UTC 
In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
Comment 1 Avinash Hanwate 2024-11-19 06:06:29 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/T
Comment 3 Klaas Demter 2025-03-05 14:25:33 UTC 
This has been added to CISAs Known Exploited Vulnerabilities Catalog. Any plans to fix it in RHEL8+?

https://www.cisa.gov/news-events/alerts/2025/03/04/cisa-adds-four-known-exploited-vulnerabilities-catalog
Comment 6 errata-xmlrpc 2025-03-10 01:24:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:2474 https://access.redhat.com/errata/RHSA-2025:2474
Comment 7 errata-xmlrpc 2025-03-10 01:31:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:2473 https://access.redhat.com/errata/RHSA-2025:2473
Comment 8 errata-xmlrpc 2025-03-10 03:17:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:2476 https://access.redhat.com/errata/RHSA-2025:2476
Comment 9 errata-xmlrpc 2025-03-10 03:25:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:2475 https://access.redhat.com/errata/RHSA-2025:2475
Comment 10 errata-xmlrpc 2025-03-10 08:34:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:2488 https://access.redhat.com/errata/RHSA-2025:2488
Comment 11 errata-xmlrpc 2025-03-10 08:51:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:2489 https://access.redhat.com/errata/RHSA-2025:2489
Comment 12 errata-xmlrpc 2025-03-10 10:43:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:2490 https://access.redhat.com/errata/RHSA-2025:2490
Comment 13 errata-xmlrpc 2025-03-10 12:38:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:2501 https://access.redhat.com/errata/RHSA-2025:2501
Comment 14 errata-xmlrpc 2025-03-10 13:17:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:2510 https://access.redhat.com/errata/RHSA-2025:2510
Comment 15 errata-xmlrpc 2025-03-10 13:58:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:2512 https://access.redhat.com/errata/RHSA-2025:2512
Comment 16 errata-xmlrpc 2025-03-10 14:13:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2025:2514 https://access.redhat.com/errata/RHSA-2025:2514
Comment 17 errata-xmlrpc 2025-03-10 14:31:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION

Via RHSA-2025:2517 https://access.redhat.com/errata/RHSA-2025:2517
Comment 18 errata-xmlrpc 2025-03-10 15:20:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2025:2524 https://access.redhat.com/errata/RHSA-2025:2524
Comment 19 errata-xmlrpc 2025-03-10 15:40:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:2525 https://access.redhat.com/errata/RHSA-2025:2525
Comment 20 errata-xmlrpc 2025-03-10 16:00:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2025:2528 https://access.redhat.com/errata/RHSA-2025:2528
Comment 21 errata-xmlrpc 2025-03-11 02:08:20 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:2449 https://access.redhat.com/errata/RHSA-2025:2449
Comment 22 errata-xmlrpc 2025-03-11 06:34:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:2627 https://access.redhat.com/errata/RHSA-2025:2627
Comment 23 errata-xmlrpc 2025-03-11 08:55:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:2646 https://access.redhat.com/errata/RHSA-2025:2646
Comment 24 errata-xmlrpc 2025-03-12 17:39:59 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:2445 https://access.redhat.com/errata/RHSA-2025:2445
Comment 25 errata-xmlrpc 2025-03-13 05:47:09 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:2454 https://access.redhat.com/errata/RHSA-2025:2454
Comment 26 errata-xmlrpc 2025-03-13 16:30:02 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2025:2441 https://access.redhat.com/errata/RHSA-2025:2441
Comment 27 errata-xmlrpc 2025-03-19 20:54:57 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:2710 https://access.redhat.com/errata/RHSA-2025:2710
Comment 28 errata-xmlrpc 2025-03-20 07:01:45 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2025:2701 https://access.redhat.com/errata/RHSA-2025:2701
Comment 29 errata-xmlrpc 2025-04-03 00:21:38 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:3301 https://access.redhat.com/errata/RHSA-2025:3301
Note You need to log in before you can comment on or make changes to this bug.