ISN 2025-10: Linux Kernel Vulnerability
First published 30 April 2025
CVSS 3.1: 7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been found in the Linux Kernel used in IGEL OS. This affects the following product versions:
IGEL OS 12
IGEL OS 11
Details
The Linux Kernel contains an uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted Human Interface Device (HID) report. The issue was originally rated medium; IGEL rates it as high because CISA reports it as being used in the wild to attack Linux systems (CVE-2024-50302).
Update Instructions
OS 12: Update to the IGEL OS base system 12.7.0 when available.
OS 11: Update to OS 11.11.100 when available (planned for August).
References
CVE-2024-50302 at NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50302
CISA KEV Entry: https://www.cisa.gov/news-events/alerts/2025/03/04/cisa-adds-four-known-exploited-vulnerabilities-catalog