Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-39509
HistoryJul 12, 2024 - 1:15 p.m.

CVE-2024-39509

2024-07-1213:15:13
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
8
linux kernel
hid core
vulnerability discerned

EPSS

0

Percentile

13.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:

HID: core: remove unnecessary WARN_ON() in implement()

Syzkaller hit a warning [1] in a call to implement() when trying
to write a value into a field of smaller size in an output report.

Since implement() already has a warn message printed out with the
help of hid_warn() and value in question gets trimmed with:

value &= m;

WARN_ON may be considered superfluous. Remove it to suppress future
syzkaller triggers.

[1]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
Modules linked in:
CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]
RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863

Call Trace:
<TASK>
__usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]
usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636
hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Related

cvelist 1
ubuntucve 1
vulnrichment 1
debiancve 1
osv 15
redhatcve 1
cve 1
nessus 24
openvas 15
oraclelinux 3
cvelist
cvelist
CVE-2024-39509 HID: core: remove unnecessary WARN_ON() in implement()
2024-07-12 12:20:40
ubuntucve
ubuntucve
CVE-2024-39509
2024-07-12 00:00:00
vulnrichment
vulnrichment
CVE-2024-39509 HID: core: remove unnecessary WARN_ON() in implement()
2024-07-12 12:20:40
debiancve
debiancve
CVE-2024-39509
2024-07-12 13:15:13
osv
osv
CVE-2024-39509
2024-07-12 13:15:00
linux, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gkeop, linux-ibm, linux-kvm, linux-oracle vulnerabilities
2024-09-12 09:40:42
linux-aws-5.4, linux-azure-5.4, linux-gcp-5.4, linux-hwe-5.4, linux-ibm-5.4, linux-oracle-5.4 vulnerabilities
2024-09-12 10:47:52
redhatcve
redhatcve
CVE-2024-39509
2024-07-14 12:26:34
cve
cve
CVE-2024-39509
2024-07-12 13:15:13
nessus
nessus
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7003-1)
2024-09-12 00:00:00
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7003-3)
2024-09-13 00:00:00
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12610)
2024-09-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-7003-1)
2024-09-12 00:00:00
Ubuntu: Security Advisory (USN-7003-3)
2024-09-16 00:00:00
Ubuntu: Security Advisory (USN-7003-2)
2024-09-12 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2024-09-10 00:00:00
Unbreakable Enterprise kernel-container security update
2024-09-11 00:00:00
Unbreakable Enterprise kernel security update
2024-09-12 00:00:00

EPSS

0

Percentile

13.4%

JSON
Related for NVD:CVE-2024-39509
cvelist1ubuntucve1vulnrichment1debiancve1osv15redhatcve1cve1nessus24openvas15oraclelinux3