Linux Kernel Use of Uninitialized Resource Vulnerability (CVE-2024-50302)
The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.
A local attacker, with a low-privilege account, can achieve full data confidentiality loss. Federal agencies are required to remediate by 2025-03-25 under CISA BOD 22-01.
This is a Software Vulnerability (CWE-908) (CWE-908) vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. Exploitation requires local access, low attack complexity, a low-privilege authenticated account, and no user interaction required.
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2025-03-04 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2025-03-25.
Get the fix
Apply the fixed package from your vendor. The advisory lists affected versions and the exact fixed build.
↗ Red Hat advisoryCVE-2024-50302Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
Related vulnerabilities
KB5000871: Windows Server 2016 / 2019 Security Update (May 2026)
Microsoft Exchange Server
CVE-2021-26855
MEDIUM6.5Microsoft Defender for Identity Improper Authentication — Spoofing (CVE-2025-26685)
Microsoft Defender for Identity
CVE-2025-26685
HIGHIIS Security Updates Require Both Windows Update and Manual Configuration Review
Microsoft IIS