[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024071206-CVE-2024-39509-fce1@gregkh>
Date: Fri, 12 Jul 2024 14:21:15 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-39509: HID: core: remove unnecessary WARN_ON() in implement()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
HID: core: remove unnecessary WARN_ON() in implement()
Syzkaller hit a warning [1] in a call to implement() when trying
to write a value into a field of smaller size in an output report.
Since implement() already has a warn message printed out with the
help of hid_warn() and value in question gets trimmed with:
...
value &= m;
...
WARN_ON may be considered superfluous. Remove it to suppress future
syzkaller triggers.
[1]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
Modules linked in:
CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]
RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
...
Call Trace:
<TASK>
__usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]
usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636
hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
...
The Linux kernel CVE team has assigned CVE-2024-39509 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.7 with commit 95d1c8951e5b and fixed in 4.19.317 with commit 955b3764671f
Issue introduced in 4.7 with commit 95d1c8951e5b and fixed in 5.4.279 with commit f9db5fbeffb9
Issue introduced in 4.7 with commit 95d1c8951e5b and fixed in 5.10.221 with commit 33f6832798dd
Issue introduced in 4.7 with commit 95d1c8951e5b and fixed in 5.15.162 with commit 8bac61934cd5
Issue introduced in 4.7 with commit 95d1c8951e5b and fixed in 6.1.95 with commit bfd546fc7fd7
Issue introduced in 4.7 with commit 95d1c8951e5b and fixed in 6.6.35 with commit 30f76bc468b9
Issue introduced in 4.7 with commit 95d1c8951e5b and fixed in 6.9.6 with commit 655c6de2f215
Issue introduced in 4.7 with commit 95d1c8951e5b and fixed in 6.10-rc3 with commit 4aa2dcfbad53
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-39509
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/hid/hid-core.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316
https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca
https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24
https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26
https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd
https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f
https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2
https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5
Powered by blists - more mailing lists