CVE-2024-50302
Published Nov 19, 2024
Last updated 4 months ago
- Description
- In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
- Products
- android, debian_linux, linux_kernel
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Linux Kernel Use of Uninitialized Resource Vulnerability
- Exploit added on
- Mar 4, 2025
- Exploit action due
- Mar 25, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
🚨 URGENT: Critical Linux kernel vulnerabilities (CVE-2021-0920, CVE-2024-50302) patched for Ubuntu 14.04 LTS in USN-7720-1. Read more: 👉 https://t.co/ZlKtv5XnLi #Ubuntu #Securtity https://t.co/yhIZcQ5KMt
@Cezar_H_Linux
28 Aug 2025
250 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#Android #Vulnerability Android Alert: Critical Flaws CVE-2024-43093 & CVE-2024-50302 Exploited, Update Now! https://t.co/mngHSjWTjZ
@Komodosec
11 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50302, a #Linux kernel #vulnerability with a #CVSS score of 5.5, has been added to CISA’s KEV catalog due to active exploitation. This highlights why CVSS alone isn't enough—real-world threats demand deeper analysis. 👇 Full breakdown: https://t.co/K3lyRlrjQB https://t.
@TuxCare_
17 Mar 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
16 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Google’s March 2025 Android Security Bulletin warns of 44 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302, with one tied to a zero-day attack on activists. https://t.co/f6Qk0mecs4
@achi_tech
13 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
11 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
10 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
10 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
9 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google's March 2025 Android update fixes 44 vulnerabilities, including two actively exploited ones (CVE-2024-43093 & CVE-2024-50302).
@ladywithsarcasm
8 Mar 2025
244 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
8 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
7 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
7 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA e Cisco: nuove vulnerabilità critiche e aggiornamenti di sicurezza Sicurezza Informatica, aggiornamenti, cisa, cisco, Cisco Secure Client, critiche, CVE-2024-50302, cybersecurity, exploit, fine supporto, ICS, Linux Kernel, TMS, VMware ESXi, vulnerab… https://t.co/X3BNoCGjY3
@matricedigitale
6 Mar 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50302 In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer
@sehanshah1
6 Mar 2025
40 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
گوگل از کاربران گوشی های اندرویدی خواسته تا سریعا گوشی خود را به روز رسانی نمایند. به تازگی ۲ آسیب پذیری خطرناک با کدهای شناسایی CVE-2024-43093 و CVE-2024-50302 که از نوع RCE و Privilege escalation هستند ، برای سیستم عامل اندروید منتشر شده اند. https://t.co/Poz3aKYxT1 https://t.c
@AmirHossein_sec
5 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
5 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
گوگل از کاربران گوشی های اندرویدی خواسته تا سریعا گوشی خود را به روز رسانی نمایند. به تازگی ۲ آسیب پذیری خطرناک با کدهای شناسایی CVE-2024-43093 و CVE-2024-50302 که از نوع RCE و Privilege escalation هستند ، برای سیستم عامل اندروید منتشر شده اند. https://t.co/pD1G3izlBE
@cybernetic_cy
5 Mar 2025
46 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Case Study: Traditional CVSS scoring missed this actively exploited vulnerability (CVE-2024-50302) https://t.co/uSF3CqBcZw https://t.co/hOjD9cq5Au
@secharvesterx
5 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Google Warns of Two Critical Android Vulnerabilities Under Attack Read more: https://t.co/sXIO4T95uV 👉 CVE-2024-43093: System Component Privilege Escalation 👉 CVE-2024-50302: Linux Kernel HID Core Memory Leak #cybersecurity
@gbhackers_news
5 Mar 2025
130 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Google Warns of Two Critical Android Vulnerabilities Under Attack Read more: https://t.co/AUMWuL6Kou 👉 CVE-2024-43093: System Component Privilege Escalation 👉 CVE-2024-50302: Linux Kernel HID Core Memory Leak #cybersecurity https://t.co/eKAIgICk8a
@The_Cyber_News
5 Mar 2025
66 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Androidの重大な脆弱性が標的型攻撃などへ悪用の可能性(CVE-2024-43093,CVE-2024-50302) #セキュリティ対策Lab #セキュリティ #Security https://t.co/bpagFOSj6D
@securityLab_jp
5 Mar 2025
32 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Patches 2 Actively Exploited Android Flaws! March 2025 update fixes 44 vulnerabilities, including: 🔹 CVE-2024-43093 – Unauthorized access to Android directories. 🔹 CVE-2024-50302 – Linux kernel flaw exploited via Cellebrite zero-day. 📲 Update ASAP!… https://t.co/oGAS7
@dCypherIO
4 Mar 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに4件の追加。セルビア当局が悪用したとされるAndroidのCVE-2024-50302と、VWware ESXi等の3件。対処期限は通常の3/25。ランサムウェアによる悪用は不知。 https://t.co/ev6RkHlceI
@__kokumoto
4 Mar 2025
981 Impressions
3 Retweets
12 Likes
1 Bookmark
1 Reply
0 Quotes
Google’s March 2025 Android update fixes 43 vulnerabilities, including two actively exploited zero-days. Serbian authorities used CVE-2024-50302, a Linux kernel flaw, to unlock confiscated devices via an exploit chain developed by Cellebrite. https://t.co/vD4URp7ZXa
@cyberbulletins
4 Mar 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has patched over 40 Android vulnerabilities, including 2 actively exploited ones (CVE-2024-43093 & CVE-2024-50302) that could lead to serious security risks. Stay updated! 🔒 #AndroidSecurity #TechUpdate #USA link: https://t.co/kceXxYwudv https://t.co/ksTP0FlozJ
@TweetThreatNews
4 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google’s March 2025 Android update patches 2 exploited flaws—CVE-2024-43093 and CVE-2024-50302. Privilege escalation risks are real. Updated your phone yet? What’s your go-to security habit? #AndroidSecurity
@CyberDhaal
4 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google corregge vulnerabilità critiche con l’aggiornamento Android di marzo 2025 Sicurezza Informatica, aggiornamento, Android, CVE-2024-43093, CVE-2024-50302, exploit, Google Play Protect, patch sicurezza, vulnerabilità https://t.co/OoOniC56La https://t.co/CViaAi0Iqu
@matricedigitale
4 Mar 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 The March 2025 Android Security Bulletin addresses 44 vulnerabilities, including 2 exploited flaws, CVE-2024-43093 and CVE-2024-50302. Ensure the latest patches are implemented! #AndroidUpdate #Vulnerabilities #USA link: https://t.co/QrZPBttlbY https://t.co/pQjGyvZX9L
@TweetThreatNews
4 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Google’s March 2025 Android Security Bulletin warns of 44 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302, with one tied to a zero-day attack on activists. Get the full details: https://t.co/y4xfmE3CQR
@TheHackersNews
4 Mar 2025
33569 Impressions
61 Retweets
121 Likes
22 Bookmarks
1 Reply
0 Quotes
Android Security Bulletin - March 2025 https://t.co/Nd0zWgrI6s Wow.... 10 crit vulns(https://t.co/Xy9WeQK3J8) CVE-2024-43093 & CVE-2024-50302 exploited ITW
@xvonfers
3 Mar 2025
4591 Impressions
8 Retweets
41 Likes
20 Bookmarks
1 Reply
1 Quote
⚠️ Vulnerability Alert: Android Zero-Day Exploit Chain 📅 Timeline: Disclosure: 2024-02-28, Patch: 2025-02-05 📌 Attribution: Cellebrite, Serbian Police 🆔cveId: CVE-2024-53104,CVE-2024-53197,CVE-2024-50302 📊baseScore: 7.8 📏cvssMetrics:… https://t.co/rgXZ4g9u1I
@syedaquib77
28 Feb 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D982986-F7AE-4B56-8E3E-D34CE2B7AF38",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9952C897-8A61-4D4B-9D6D-7D063E9EA15E",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF5B32D0-72C9-41C3-A0BB-D4946153C134",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*",
"matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*",
"matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]