CVE-2024-50302

MEDIUM CISA KEV

Published Nov 19, 2024 Modified May 12, 2026 CWE-908

Description

CVSS v3.1 Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Mar 4, 2025 Remediation due: Mar 25, 2025

Weakness Type (CWE)

CWE-908 CWE-908

Affected Products

Vendor	Product	Versions
google	android	All
debian	debian_linux	All
siemens	simatic_s7-1500_tm_mfp_firmware	All
siemens	simatic_s7-1500_tm_mfp	All
siemens	sinec_os	< 3.2
siemens	ruggedcom_rst2428p	All
siemens	scalance_xc316-8	All
siemens	scalance_xc319-4	All
siemens	scalance_xc324-4	All
siemens	scalance_xc324-4eec	All
siemens	scalance_xc332	All
siemens	scalance_xc416-8	All
siemens	scalance_xc419-4	All
siemens	scalance_xc424-4	All
siemens	scalance_xc432	All
siemens	scalance_xch328	All
siemens	scalance_xcm324	All
siemens	scalance_xcm328	All
siemens	scalance_xcm332	All
siemens	scalance_xr302-32	All
siemens	scalance_xr322-12	All
siemens	scalance_xr326-8	All
siemens	scalance_xr326-8eec	All
siemens	scalance_xr502-32	All
siemens	scalance_xr522-12	All
siemens	scalance_xr524-8c	All
siemens	scalance_xr524-8wg	All
siemens	scalance_xr526-8	All
siemens	scalance_xr526-8c	All
siemens	scalance_xr528-6m	All
siemens	scalance_xr552-12m	All
siemens	scalance_xrh334	All
siemens	scalance_xrm334	All
linux	linux_kernel	3.12 — 4.19.324
linux	linux_kernel	4.20 — 5.4.286
linux	linux_kernel	5.5 — 5.10.230
linux	linux_kernel	5.11 — 5.15.172
linux	linux_kernel	5.16 — 6.1.117
linux	linux_kernel	6.2 — 6.6.61
linux	linux_kernel	6.7 — 6.11.8
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All
linux	linux_kernel	All

References

Advisories & Patches

https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552 https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5 https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648 https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191 https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26

Other References

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html https://cert-portal.siemens.com/productcert/html/ssa-265688.html https://cert-portal.siemens.com/productcert/html/ssa-355557.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302

Frequently Asked Questions

What is CVE-2024-50302? +

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. It has a CVSS v3.1 base score of 5.5 (MEDIUM). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

How severe is CVE-2024-50302? +

CVE-2024-50302 has a CVSS v3.1 score of 5.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2024-50302? +

CVE-2024-50302 affects products from debian, google, linux, siemens, specifically: android, debian_linux, linux_kernel, ruggedcom_rst2428p, scalance_xc316-8, scalance_xc319-4, scalance_xc324-4, scalance_xc324-4eec, scalance_xc332, scalance_xc416-8, scalance_xc419-4, scalance_xc424-4, scalance_xc432, scalance_xch328, scalance_xcm324, scalance_xcm328, scalance_xcm332, scalance_xr302-32, scalance_xr322-12, scalance_xr326-8, scalance_xr326-8eec, scalance_xr502-32, scalance_xr522-12, scalance_xr524-8c, scalance_xr524-8wg, scalance_xr526-8, scalance_xr526-8c, scalance_xr528-6m, scalance_xr552-12m, scalance_xrh334, scalance_xrm334, simatic_s7-1500_tm_mfp, simatic_s7-1500_tm_mfp_firmware, sinec_os. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-50302? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-2329

In high traffic environments, a Silicon Labs OpenThread RCP (see impacted versions) fails to clear the SPI transmit buffer and …

CVE-2025-48513

Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel …

CVE-2025-1942 9.8

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result …

CVE-2024-32611 9.8

HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.

CVE-2025-50165 9.8

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

CVE-2024-47540 9.8

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the …

Quick Facts

CVSS Score: 5.5
Severity: MEDIUM
Published: Nov 19, 2024
KEV: Active Exploit

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2024-50302.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →