CVE-2024-39509

Summary

In the Linux kernel, the following vulnerability has been resolved:

HID: core: remove unnecessary WARN_ON() in implement()

Syzkaller hit a warning [1] in a call to implement() when trying to write a value into a field of smaller size in an output report.

Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: … value &= m; … WARN_ON may be considered superfluous. Remove it to suppress future syzkaller triggers.

[1] WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline] WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 Modules linked in: CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline] RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 … Call Trace: <TASK> __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline] usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636 hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f …

Affected Software

VendorProductVersion RangeStatus
LinuxLinux95d1c8951e5bd50bb89654a99a7012b1e75646bd < 955b3764671f3f157215194972d9c01a3a4bd316affected
LinuxLinux95d1c8951e5bd50bb89654a99a7012b1e75646bd < f9db5fbeffb951cac3f0fb1c2eeffb79785399caaffected
LinuxLinux95d1c8951e5bd50bb89654a99a7012b1e75646bd < 33f6832798dd3297317901cc1db556ac3ae80c24affected
LinuxLinux95d1c8951e5bd50bb89654a99a7012b1e75646bd < 8bac61934cd563b073cd30b8cf6d5c758ab5ab26affected
LinuxLinux95d1c8951e5bd50bb89654a99a7012b1e75646bd < bfd546fc7fd76076f81bf41b85b51ceda30949fdaffected
LinuxLinux95d1c8951e5bd50bb89654a99a7012b1e75646bd < 30f76bc468b9b2cbbd5d3eb482661e3e4798893faffected
LinuxLinux95d1c8951e5bd50bb89654a99a7012b1e75646bd < 655c6de2f215b61d0708db6b06305eee9bbfeba2affected
LinuxLinux95d1c8951e5bd50bb89654a99a7012b1e75646bd < 4aa2dcfbad538adf7becd0034a3754e1bd01b2b5affected
LinuxLinux4.7affected
LinuxLinux0 < 4.7unaffected
LinuxLinux4.19.317 <= 4.19.*unaffected
LinuxLinux5.4.279 <= 5.4.*unaffected
LinuxLinux5.10.221 <= 5.10.*unaffected
LinuxLinux5.15.162 <= 5.15.*unaffected
LinuxLinux6.1.95 <= 6.1.*unaffected
LinuxLinux6.6.35 <= 6.6.*unaffected
LinuxLinux6.9.6 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References