AI description
CVE-2024-50302 is a privilege escalation vulnerability in the HID (Human Interface Device) USB component of the Linux kernel. Specially crafted HID reports can leak uninitialized kernel memory to a local attacker, giving unauthorized access to sensitive kernel memory and potentially enabling further malicious actions on the affected device. The vulnerability has reportedly been used in targeted attacks. Google patched it in March 2025, and it has been added to CISA's Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
- Description: In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer. Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
- Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
Data from CISA
- Vulnerability name: Linux Kernel Use of Uninitialized Resource Vulnerability
- Exploit added on: Mar 4, 2025
- Exploit action due: Mar 25, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score: Not currently trending
CVE-2024-50302, a #Linux kernel #vulnerability with a #CVSS score of 5.5, has been added to CISA’s KEV catalog due to active exploitation. This highlights why CVSS alone isn't enough—real-world threats demand deeper analysis. 👇 Full breakdown: https://t.co/K3lyRlrjQB https://t.
@TuxCare_
17 Mar 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
16 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Google’s March 2025 Android Security Bulletin warns of 44 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302, with one tied to a zero-day attack on activists. https://t.co/f6Qk0mecs4
@achi_tech
13 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
11 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
10 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
10 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
9 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google's March 2025 Android update fixes 44 vulnerabilities, including two actively exploited ones (CVE-2024-43093 & CVE-2024-50302).
@ladywithsarcasm
8 Mar 2025
244 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
8 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
7 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
7 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA and Cisco: new critical vulnerabilities and security updates. Cybersecurity, updates, cisa, cisco, Cisco Secure Client, critical, CVE-2024-50302, cybersecurity, exploit, end of support, ICS, Linux Kernel, TMS, VMware ESXi, vulnerab… https://t.co/X3BNoCGjY3
@matricedigitale
6 Mar 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50302 In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer
@sehanshah1
6 Mar 2025
40 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has asked Android phone users to update their phones immediately. Recently, 2 dangerous vulnerabilities with the identifiers CVE-2024-43093 and CVE-2024-50302, which are of the RCE and Privilege escalation types, have been published for the Android operating system. https://t.co/Poz3aKYxT1 https://t.c
@AmirHossein_sec
5 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50302
@transilienceai
5 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Google has asked Android phone users to update their phones immediately. Recently, 2 dangerous vulnerabilities with the identifiers CVE-2024-43093 and CVE-2024-50302, which are of the RCE and Privilege escalation types, have been published for the Android operating system. https://t.co/pD1G3izlBE
@cybernetic_cy
5 Mar 2025
46 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Case Study: Traditional CVSS scoring missed this actively exploited vulnerability (CVE-2024-50302) https://t.co/uSF3CqBcZw https://t.co/hOjD9cq5Au
@secharvesterx
5 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Google Warns of Two Critical Android Vulnerabilities Under Attack Read more: https://t.co/sXIO4T95uV 👉 CVE-2024-43093: System Component Privilege Escalation 👉 CVE-2024-50302: Linux Kernel HID Core Memory Leak #cybersecurity
@gbhackers_news
5 Mar 2025
130 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Google Warns of Two Critical Android Vulnerabilities Under Attack Read more: https://t.co/AUMWuL6Kou 👉 CVE-2024-43093: System Component Privilege Escalation 👉 CVE-2024-50302: Linux Kernel HID Core Memory Leak #cybersecurity https://t.co/eKAIgICk8a
@The_Cyber_News
5 Mar 2025
66 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Critical Android vulnerabilities may be exploited in targeted attacks and the like (CVE-2024-43093, CVE-2024-50302) #セキュリティ対策Lab #セキュリティ #Security https://t.co/bpagFOSj6D
@securityLab_jp
5 Mar 2025
32 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google Patches 2 Actively Exploited Android Flaws! March 2025 update fixes 44 vulnerabilities, including: 🔹 CVE-2024-43093 – Unauthorized access to Android directories. 🔹 CVE-2024-50302 – Linux kernel flaw exploited via Cellebrite zero-day. 📲 Update ASAP!… https://t.co/oGAS7
@dCypherIO
4 Mar 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
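The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 4 entries to its Known Exploited Vulnerabilities Catalog: Android's CVE-2024-50302, said to have been exploited by Serbian authorities, and 3 affecting VMware ESXi and others. The remediation deadline is the usual 3/25. Exploitation by ransomware is unknown. https://t.co/ev6RkHlceI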
@__kokumoto
4 Mar 2025
981 Impressions
3 Retweets
12 Likes
1 Bookmark
1 Reply
0 Quotes
Google’s March 2025 Android update fixes 43 vulnerabilities, including two actively exploited zero-days. Serbian authorities used CVE-2024-50302, a Linux kernel flaw, to unlock confiscated devices via an exploit chain developed by Cellebrite. https://t.co/vD4URp7ZXa
@cyberbulletins
4 Mar 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google has patched over 40 Android vulnerabilities, including 2 actively exploited ones (CVE-2024-43093 & CVE-2024-50302) that could lead to serious security risks. Stay updated! 🔒 #AndroidSecurity #TechUpdate #USA link: https://t.co/kceXxYwudv https://t.co/ksTP0FlozJ
@TweetThreatNews
4 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google’s March 2025 Android update patches 2 exploited flaws—CVE-2024-43093 and CVE-2024-50302. Privilege escalation risks are real. Updated your phone yet? What’s your go-to security habit? #AndroidSecurity
@CyberDhaal
4 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google fixes critical vulnerabilities with the March 2025 Android update. Cybersecurity, update, Android, CVE-2024-43093, CVE-2024-50302, exploit, Google Play Protect, security patch, vulnerabilities https://t.co/OoOniC56La https://t.co/CViaAi0Iqu
@matricedigitale
4 Mar 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 The March 2025 Android Security Bulletin addresses 44 vulnerabilities, including 2 exploited flaws, CVE-2024-43093 and CVE-2024-50302. Ensure the latest patches are implemented! #AndroidUpdate #Vulnerabilities #USA link: https://t.co/QrZPBttlbY https://t.co/pQjGyvZX9L
@TweetThreatNews
4 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Google’s March 2025 Android Security Bulletin warns of 44 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302, with one tied to a zero-day attack on activists. Get the full details: https://t.co/y4xfmE3CQR
@TheHackersNews
4 Mar 2025
33569 Impressions
61 Retweets
121 Likes
22 Bookmarks
1 Reply
0 Quotes
Android Security Bulletin - March 2025 https://t.co/Nd0zWgrI6s Wow.... 10 crit vulns(https://t.co/Xy9WeQK3J8) CVE-2024-43093 & CVE-2024-50302 exploited ITW
@xvonfers
3 Mar 2025
4591 Impressions
8 Retweets
41 Likes
20 Bookmarks
1 Reply
1 Quote
⚠️ Vulnerability Alert: Android Zero-Day Exploit Chain 📅 Timeline: Disclosure: 2024-02-28, Patch: 2025-02-05 📌 Attribution: Cellebrite, Serbian Police 🆔cveId: CVE-2024-53104,CVE-2024-53197,CVE-2024-50302 📊baseScore: 7.8 📏cvssMetrics:… https://t.co/rgXZ4g9u1I
@syedaquib77
28 Feb 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D982986-F7AE-4B56-8E3E-D34CE2B7AF38",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "3.12"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9952C897-8A61-4D4B-9D6D-7D063E9EA15E",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "4.20"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF5B32D0-72C9-41C3-A0BB-D4946153C134",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "5.5"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "5.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "5.16"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "6.2"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "6.7"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F"
}
],
"operator": "OR"
}
]
}
]