LinuxCVE-2024-39509CVE-2024-39509
In the Linux kernel, the following vulnerability has been resolved:
HID: core: remove unnecessary WARN_ON() in implement()
Syzkaller hit a warning [1] in a call to implement() when trying
to write a value into a field of smaller size in an output report.
Since implement() already has a warn message printed out with the
help of hid_warn() and value in question gets trimmed with:
…
value &= m;
…
WARN_ON may be considered superfluous. Remove it to suppress future
syzkaller triggers.
[1]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
Modules linked in:
CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]
RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
…
Call Trace:
<TASK>
__usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]
usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636
hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
…
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/hid/hid-core.c"
],
"versions": [
{
"version": "95d1c8951e5b",
"lessThan": "955b3764671f",
"status": "affected",
"versionType": "git"
},
{
"version": "95d1c8951e5b",
"lessThan": "f9db5fbeffb9",
"status": "affected",
"versionType": "git"
},
{
"version": "95d1c8951e5b",
"lessThan": "33f6832798dd",
"status": "affected",
"versionType": "git"
},
{
"version": "95d1c8951e5b",
"lessThan": "8bac61934cd5",
"status": "affected",
"versionType": "git"
},
{
"version": "95d1c8951e5b",
"lessThan": "bfd546fc7fd7",
"status": "affected",
"versionType": "git"
},
{
"version": "95d1c8951e5b",
"lessThan": "30f76bc468b9",
"status": "affected",
"versionType": "git"
},
{
"version": "95d1c8951e5b",
"lessThan": "655c6de2f215",
"status": "affected",
"versionType": "git"
},
{
"version": "95d1c8951e5b",
"lessThan": "4aa2dcfbad53",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/hid/hid-core.c"
],
"versions": [
{
"version": "4.7",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.7",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.317",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.279",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.221",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.162",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.95",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.35",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.6",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]References
git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f
git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24
git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5
git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2
git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26
git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316
git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd
git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca
Related
