CVE-2024-50302 - Linux Kernel Use of Uninitialized Resource Vulnerability

Linux | Kernel

• Date Added:
• 2025-03-04

• Due Date:
• 2025-03-25

Vulnerability Name

Linux Kernel Use of Uninitialized Resource Vulnerability

Description

The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-50302

Latest Security News

Rubrik rotates authentication keys after log server breach

DHS says CISA will not stop monitoring Russian cyber threats

New Microsoft 365 outage impacts Teams, causes call failures

CISA tags Windows, Cisco vulnerabilities as actively exploited

New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint

UK watchdog probes TikTok and Reddit over child privacy concerns

Microsoft links recent Microsoft 365 outage to buggy update

U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices

Common Alerts

MediumPotential IP Addresses Found in the Viewstate

LowInformation Disclosure - Debug Error Messages

HighCross-Domain Misconfiguration - Silverlight

MediumAnti-CSRF Tokens Check

InformationalContent-Type Header Missing

HighSOAP Action Spoofing

HighGeneric Padding Oracle

Medium.env Information Leak

InformationalUser Controllable Charset

InformationalContent-Type Header Empty

Top CVE List

CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability

CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability

CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability

CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability

CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability

CVE-2023-20118 Cisco Small Business RV Series Routers Command Injection Vulnerability

CVE-2025-0108 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability

Top CWE List

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-693 Protection Mechanism Failure

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-1426 Improper Validation of Generative AI Output

CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined

CWE-1298 Hardware Logic Contains Race Conditions

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control

CWE-1125 Excessive Attack Surface

CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)