Linux and Android: report buffer leak (CVE-2024-50302) #shorts

Summary

Today, we're diving into CVE-2024-50302, a recently disclosed vulnerability in the Linux kernel. The issue is improper handling of the HID core's report buffer, which can lead to kernel memory disclosure. Notably, Google has flagged it in its urgent alerts, indicating active exploitation, particularly on Android versions 12 to 15.

Product details

The vulnerability affects a wide range of Linux kernel versions, with the vulnerable and fixing commits identified in the CVE record. The affected range begins with kernel 3.12; stable branches from 4.19 onward are unaffected once updated to the fixed point releases listed below. The flaw is the HID core's failure to zero-initialize report buffers, which allows stale kernel memory to be exposed.

Vulnerability type summary

This is an implementation vulnerability in the Linux kernel's HID core subsystem. It arises from uninitialized memory buffers, which can be abused to reveal sensitive kernel memory through crafted reports. Given its severity, the vulnerability has been actively exploited, especially against Android devices.

Details of the vulnerability

The vulnerability stems from the HID subsystem allocating report buffers without zero-initializing them; these buffers are then used by many drivers in different ways. Whatever the previous occupant of that memory left behind can be disclosed when a maliciously crafted report is processed. SUSE and other vendors and security agencies have released advisories stressing the urgency of updating affected systems.
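The following userspace model, added here as an illustration and not code from the page, the kernel or any advisory, shows why a buffer allocated without clearing can disclose stale data. The kernel fix replaced the non-clearing allocation with a zeroing one in the HID core's report-buffer allocator; the model reproduces that contrast with two hypothetical allocators over a constructed arena pre-filled with 0x41 to stand in for whatever previously occupied the memory. A device delivers a report shorter than the buffer the driver sized for the descriptor, and the consumer reads the full buffer length; the function returns how many bytes of the unwritten tail still carry stale content.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a slab page that previously held other
 * data. The 0x41 fill is constructed for this demo only. */
#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];

static void arena_reset(void)
{
    memset(arena, 0x41, sizeof arena);
}

/* Models the pre-fix allocator: memory is handed out as-is,
 * the way a non-clearing allocation (kmalloc-style) behaves. */
static unsigned char *alloc_report_buf_unzeroed(size_t len)
{
    return len <= ARENA_SIZE ? arena : NULL;
}

/* Models the fixed allocator: same memory, cleared before use
 * (kzalloc-style). */
static unsigned char *alloc_report_buf_zeroed(size_t len)
{
    if (len > ARENA_SIZE)
        return NULL;
    memset(arena, 0, len);
    return arena;
}

/* Simulates a device delivering `delivered` bytes into a buffer of
 * `buf_len` bytes, after which the consumer reads the whole buffer.
 * Returns the number of unwritten tail bytes that are non-zero, i.e.
 * the amount of stale memory a reader would see. Returns (size_t)-1
 * on invalid sizes. */
size_t tail_stale_bytes(int zero_init, size_t buf_len, size_t delivered)
{
    unsigned char report[64] = {0}; /* constructed all-zero report payload */
    size_t i, stale = 0;
    unsigned char *buf;

    arena_reset();
    buf = zero_init ? alloc_report_buf_zeroed(buf_len)
                    : alloc_report_buf_unzeroed(buf_len);
    if (!buf || delivered > buf_len || delivered > sizeof report)
        return (size_t)-1;

    /* The device writes only the bytes it actually sent. */
    memcpy(buf, report, delivered);

    /* The consumer walks the full buffer; count leftover stale bytes. */
    for (i = delivered; i < buf_len; i++)
        if (buf[i] != 0)
            stale++;
    return stale;
}

int main(void)
{
    printf("unzeroed allocation: %zu stale bytes exposed\n",
           tail_stale_bytes(0, 32, 8));
    printf("zeroed allocation:   %zu stale bytes exposed\n",
           tail_stale_bytes(1, 32, 8));
    return 0;
}
```

With a 32-byte buffer and an 8-byte report, the unzeroed path exposes 24 bytes of stale content while the zeroed path exposes none. The same check applies when reviewing any driver that sizes a buffer from a descriptor but fills it from device-controlled input: either clear on allocation or never consume past the bytes actually received.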

Conclusion

In conclusion, CVE-2024-50302 represents a critical risk for systems running affected Linux kernel versions, with exploitation already observed in the wild, particularly on Android. Organizations relying on these systems should promptly apply the security patches and review their exposure.

Watch the full video on YouTube: CVE-2024-50302

CVE database technical details

CVE ID
CVE-2024-50302
Description
In the Linux kernel, the following vulnerability has been resolved:

HID: core: zero-initialize the report buffer

Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
Provider
Linux
CWE / problem types
Affected Software Versions
Linux (git): affected from commit 27ce405039bfe6d3f4143415c638f56a3df77dca up to, but not including, each of the following fix commits:
  e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
  3f9e88f2672c4635960570ee9741778d4135ecf5
  d7dc68d82ab3fcfc3f65322465da3d7031d4ab46
  05ade5d4337867929e7ef664e7ac8e0c734f1aaf
  1884ab3d22536a5c14b17c78c2ce76d1734e8b0b
  9d9f5c75c0c7f31766ec27d90f7a6ac673193191
  492015e6249fbcd42138b49de3c588d826dd9648
  177f25d1292c7e16e1199b39c85480f7f8815552
Linux (git): also affected
  b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7
  fe6c9b48ebc920ff21c10c50ab2729440c734254
Linux (semver):
  3.12: affected
  earlier than 3.12: unaffected
  4.19.324 and later 4.19.*: unaffected
  5.4.286 and later 5.4.*: unaffected
  5.10.230 and later 5.10.*: unaffected
  5.15.172 and later 5.15.*: unaffected
  6.1.117 and later 6.1.*: unaffected
  6.6.61 and later 6.6.*: unaffected
  6.11.8 and later 6.11.*: unaffected
  6.12 and later: unaffected (original commit for fix)
Date Published
2024-11-19T01:30:51.300Z
Last Updated
2025-05-04T13:00:14.113Z