🟢 CVE-2024-50302

CVE-2024-50302 is a Linux kernel HID (Human Interface Device) subsystem vulnerability that allows information disclosure through uninitialized memory in report buffers. Despite being in CISA KEV, this is a LOCAL attack vector vulnerability requiring existing system access, making it unsuitable for direct internet exploitation.

← Back to Overview
LOW_RISK
Risk Level
5.5
CVSS Score
LOCAL
Attack Vector
Privilege Escalation
ATT&CK Tactic
T1068 — Exploitation for Privilege Escalation
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2024-11-19

Added to CISA KEV: 2025-03-04 105 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-50302 is a vulnerability in the Linux kernel's Human Interface Device (HID) driver that allows for the unauthorized disclosure of kernel memory [1] [5].

Active Exploitation and Threat Actor Usage
  • Status: This vulnerability is confirmed to be actively exploited in the wild [1].
  • Cataloging: It was added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog on March 4, 2025 [4].
  • Usage: Reports indicate that this vulnerability has been utilized by authorities to unlock confiscated mobile devices, specifically in the context of Android zero-day exploitation [3].
Attack Method and Requirements
  • Method: The vulnerability stems from a failure to zero-initialize the report buffer in the HID core [1] [6].
  • Requirements: An attacker must be able to connect a malicious input device to the target system [5].
  • Access Level: It is generally considered a local vulnerability, requiring a low-privileged attacker to have physical or logical access to interface with the HID subsystem [2].
Impact and Exploitation
  • Impact: Successful exploitation allows an attacker to leak kernel memory [1]. This information disclosure can be used to bypass security protections or facilitate the exploitation of additional, more critical vulnerabilities [2].
  • Ransomware/Targeted Attacks: While it has been linked to device unlocking by authorities, there is no widespread evidence of it being a primary vector for traditional ransomware campaigns.
Affected Versions and Mitigation
  • Status: The vulnerability has been resolved in the Linux kernel. Users are advised to update their kernel to a patched version provided by their distribution or vendor (e.g., Ubuntu, Amazon Linux, Juniper) [1] [7] [8].
  • Mitigation: Applying the relevant security updates from your operating system vendor is the primary and recommended mitigation.

Sources

  1. CVE-2024-50302 Detail - NVD

    Description. In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is ... CVE-2024-50302 is a medium severity vulnerability in the Linux kernel that allows specially-crafted report to leak kernel memory. The vulnerabi…

  2. 2026-01 Security Bulletin: Junos OS Evolved: A Linux kernel ...

    Problem A Use of Uninitialized Resource in the Linux kernel driver for Human Interface Devices (HID) in Junos OS Evolved allows a local low-privileged attacker to use a malicious input device to read information from the report buffer. This could be used to leak kernel memory, enabling the exploitat…

  3. Android Zero-Days Used by Authorities to Unlock Confiscated ...

    CVE-2024-50302 is an information disclosure vulnerability in the Linux kernel's HID driver that allows unauthorized access to kernel memory via ...

  4. CISA Adds Four Known Exploited Vulnerabilities to Catalog

    CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50302…

  5. CVE-2024-50302 - Red Hat Customer Portal

    A vulnerability was found in the Linux kernel's driver for Human Interface Devices. This flaw allows an attacker to use a malicious input device to read ...

  6. In the Linux kernel, the following vulnerability has been... · CVE ...

    In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer.

  7. CVE-2024-50302 | Ubuntu

    Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things. ... In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer.

  8. CVE-2024-50302 - Amazon Linux Security Center

    In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer.

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed