CVE-2024-39509
Vulnerability from cvelistv5
Published
2024-07-12 12:20
Modified
2024-12-19 09:07
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: HID: core: remove unnecessary WARN_ON() in implement() Syzkaller hit a warning [1] in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value &= m; ... WARN_ON may be considered superfluous. Remove it to suppress future syzkaller triggers. [1] WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline] WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 Modules linked in: CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline] RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 ... Call Trace: <TASK> __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline] usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636 hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f ...
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca
Impacted products
Vendor Product Version
Linux Linux Version: 4.7
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39509",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:06:44.616328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:39.031Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "955b3764671f3f157215194972d9c01a3a4bd316",
              "status": "affected",
              "version": "95d1c8951e5bd50bb89654a99a7012b1e75646bd",
              "versionType": "git"
            },
            {
              "lessThan": "f9db5fbeffb951cac3f0fb1c2eeffb79785399ca",
              "status": "affected",
              "version": "95d1c8951e5bd50bb89654a99a7012b1e75646bd",
              "versionType": "git"
            },
            {
              "lessThan": "33f6832798dd3297317901cc1db556ac3ae80c24",
              "status": "affected",
              "version": "95d1c8951e5bd50bb89654a99a7012b1e75646bd",
              "versionType": "git"
            },
            {
              "lessThan": "8bac61934cd563b073cd30b8cf6d5c758ab5ab26",
              "status": "affected",
              "version": "95d1c8951e5bd50bb89654a99a7012b1e75646bd",
              "versionType": "git"
            },
            {
              "lessThan": "bfd546fc7fd76076f81bf41b85b51ceda30949fd",
              "status": "affected",
              "version": "95d1c8951e5bd50bb89654a99a7012b1e75646bd",
              "versionType": "git"
            },
            {
              "lessThan": "30f76bc468b9b2cbbd5d3eb482661e3e4798893f",
              "status": "affected",
              "version": "95d1c8951e5bd50bb89654a99a7012b1e75646bd",
              "versionType": "git"
            },
            {
              "lessThan": "655c6de2f215b61d0708db6b06305eee9bbfeba2",
              "status": "affected",
              "version": "95d1c8951e5bd50bb89654a99a7012b1e75646bd",
              "versionType": "git"
            },
            {
              "lessThan": "4aa2dcfbad538adf7becd0034a3754e1bd01b2b5",
              "status": "affected",
              "version": "95d1c8951e5bd50bb89654a99a7012b1e75646bd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: remove unnecessary WARN_ON() in implement()\n\nSyzkaller hit a warning [1] in a call to implement() when trying\nto write a value into a field of smaller size in an output report.\n\nSince implement() already has a warn message printed out with the\nhelp of hid_warn() and value in question gets trimmed with:\n\t...\n\tvalue \u0026= m;\n\t...\nWARN_ON may be considered superfluous. Remove it to suppress future\nsyzkaller triggers.\n\n[1]\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\nModules linked in:\nCPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nRIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]\nRIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\n...\nCall Trace:\n \u003cTASK\u003e\n __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]\n usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636\n hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n..."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:07:34.288Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316"
        },
        {
          "url": "https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24"
        },
        {
          "url": "https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f"
        },
        {
          "url": "https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2"
        },
        {
          "url": "https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5"
        }
      ],
      "title": "HID: core: remove unnecessary WARN_ON() in implement()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39509",
    "datePublished": "2024-07-12T12:20:40.257Z",
    "dateReserved": "2024-06-25T14:23:23.753Z",
    "dateUpdated": "2024-12-19T09:07:34.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-39509\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-12T13:15:13.197\",\"lastModified\":\"2024-11-21T09:27:52.407\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nHID: core: remove unnecessary WARN_ON() in implement()\\n\\nSyzkaller hit a warning [1] in a call to implement() when trying\\nto write a value into a field of smaller size in an output report.\\n\\nSince implement() already has a warn message printed out with the\\nhelp of hid_warn() and value in question gets trimmed with:\\n\\t...\\n\\tvalue \u0026= m;\\n\\t...\\nWARN_ON may be considered superfluous. Remove it to suppress future\\nsyzkaller triggers.\\n\\n[1]\\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]\\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\\nModules linked in:\\nCPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\\nRIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]\\nRIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\\n...\\nCall Trace:\\n \u003cTASK\u003e\\n __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]\\n usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636\\n hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726\\n vfs_ioctl fs/ioctl.c:51 [inline]\\n __do_sys_ioctl fs/ioctl.c:904 [inline]\\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n...\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: HID: n\u00facleo: eliminar WARN_ON() innecesario en implementar() Syzkaller recibi\u00f3 una advertencia [1] en una llamada a implementar() al intentar escribir un valor en un campo de tama\u00f1o m\u00e1s peque\u00f1o. tama\u00f1o en un informe de salida. Dado que implement() ya tiene un mensaje de advertencia impreso con la ayuda de hid_warn() y el valor en cuesti\u00f3n se recorta con: ... value \u0026amp;= m; ... WARN_ON puede considerarse superfluo. Elim\u00ednelo para suprimir futuros desencadenantes de syzkaller. [1] ADVERTENCIA: CPU: 0 PID: 5084 en drivers/hid/hid-core.c:1451 implementar drivers/hid/hid-core.c:1451 [en l\u00ednea] ADVERTENCIA: CPU: 0 PID: 5084 en drivers/hid /hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 M\u00f3dulos vinculados en: CPU: 0 PID: 5084 Comm: syz-executor424 No contaminado 6.9.0-rc7-syzkaller-00183 -gcf87f46fd34d #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/04/2024 RIP: 0010:implement drivers/hid/hid-core.c:1451 [en l\u00ednea] RIP: 0010:hid_output_report+0x548/ 0x760 drivers/hid/hid-core.c:1863... Seguimiento de llamadas:  __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [en l\u00ednea] usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid -core.c:636 hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726 vfs_ioctl fs/ioctl.c:51 [en l\u00ednea] __do_sys_ioctl fs/ioctl.c:904 [en l\u00ednea] __se_sys_ioctl+0xfc/0x170 fs /ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f...\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.