{ "threat_severity" : "Moderate", "public_date" : "2024-11-19T00:00:00Z", "bugzilla" : { "description" : "kernel: HID: core: zero-initialize the report buffer", "id" : "2327169", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2327169" }, "cvss3" : { "cvss3_base_score" : "6.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-908", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nHID: core: zero-initialize the report buffer\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report.", "A vulnerability was found in the Linux kernel's driver for Human Interface Devices. This flaw allows an attacker to use a malicious input device to read information from the report buffer. This could be used to leak kernel memory, enabling the exploitation of additional vulnerabilities." ], "statement" : "While this vulnerability could lead to disclosure of kernel memory, the impact is rated Moderate because exploitation requires bypassing additional security features such as kernel address-space layout randomization (KASLR). It could be exploited by an authenticated, local attacker who emulates a malicious Human Interface Device (HID).", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2517", "cpe" : "cpe:/o:redhat:rhel_els:6", "package" : "kernel-0:2.6.32-754.56.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2514", "cpe" : "cpe:/o:redhat:rhel_aus:7.7", "package" : "kernel-0:3.10.0-1062.93.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2510", "cpe" : "cpe:/a:redhat:rhel_extras_rt_els:7", "package" : "kernel-rt-0:3.10.0-1160.133.1.rt56.1285.el7" }, { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2501", "cpe" : "cpe:/o:redhat:rhel_els:7", "package" : "kernel-0:3.10.0-1160.133.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2474", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.44.1.rt7.385.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2473", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.44.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2646", "cpe" : "cpe:/o:redhat:rhel_aus:8.2", "package" : "kernel-0:4.18.0-193.146.1.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2528", "cpe" : "cpe:/o:redhat:rhel_aus:8.4", "package" : "kernel-0:4.18.0-305.151.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2524", "cpe" : "cpe:/a:redhat:rhel_tus:8.4::nfv", "package" : "kernel-rt-0:4.18.0-305.151.1.rt7.228.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2528", "cpe" : "cpe:/o:redhat:rhel_tus:8.4", "package" : "kernel-0:4.18.0-305.151.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2528", "cpe" : "cpe:/o:redhat:rhel_e4s:8.4", "package" : "kernel-0:4.18.0-305.151.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2489", "cpe" : "cpe:/o:redhat:rhel_aus:8.6", "package" : "kernel-0:4.18.0-372.141.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2489", "cpe" : "cpe:/o:redhat:rhel_tus:8.6", "package" : "kernel-0:4.18.0-372.141.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2489", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "kernel-0:4.18.0-372.141.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2525", "cpe" : "cpe:/o:redhat:rhel_eus:8.8", "package" : "kernel-0:4.18.0-477.93.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2627", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.31.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2627", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.31.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2488", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "kernel-0:5.14.0-70.125.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2512", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.125.1.rt21.197.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2475", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "kernel-0:5.14.0-284.108.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2476", "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.108.1.rt14.393.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2490", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "kernel-0:5.14.0-427.59.1.el9_4" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2025-03-13T00:00:00Z", "advisory" : "RHSA-2025:2441", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "rhcos-412.86.202503052321-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2025-03-20T00:00:00Z", "advisory" : "RHSA-2025:2701", "cpe" : "cpe:/a:redhat:openshift:4.13::el9", "package" : "rhcos-413.92.202503112237-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2025-03-19T00:00:00Z", "advisory" : "RHSA-2025:2710", "cpe" : "cpe:/a:redhat:openshift:4.14::el9", "package" : "rhcos-414.92.202503100617-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2025-03-13T00:00:00Z", "advisory" : "RHSA-2025:2454", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "rhcos-415.92.202503060749-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2025-04-03T00:00:00Z", "advisory" : "RHSA-2025:3301", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "rhcos-416.94.202503252048-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-03-12T00:00:00Z", "advisory" : "RHSA-2025:2445", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "rhcos-417.94.202503060903-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2449", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "rhcos-418.94.202503061016-0" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-50302\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50302\nhttps://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/T\nhttps://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog" ], "csaw" : true, "name" : "CVE-2024-50302", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" } }