Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: HID: core: remove unnecessary WARN_ON() in implement() Syzkaller hit a warning [1] in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value &= m; ... WARN_ON may be considered superfluous. Remove it to suppress future syzkaller triggers. [1] WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline] WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 Modules linked in: CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline] RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 ... Call Trace: <TASK> __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline] usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636 hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f ...
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.7, < 4.19.317 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893fPatch
- https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24Patch
- https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5Patch
- https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2Patch
- https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26Patch
- https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316Patch
- https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fdPatch
- https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399caPatch
- https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893fPatch
- https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24Patch
- https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5Patch
- https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2Patch
- https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26Patch
- https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316Patch
- https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fdPatch
FAQ
What is CVE-2024-39509?
CVE-2024-39509 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: HID: core: remove unnecessary WARN_ON() in implement() Syzkaller hit a warning [1] in a call to implement() when trying to write a...
How severe is CVE-2024-39509?
CVE-2024-39509 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39509?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.