cve/published/2024/CVE-2024-39509.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-39509: HID: core: remove unnecessary WARN_ON() in implement()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 HID: core: remove unnecessary WARN_ON() in implement()

 Syzkaller hit a warning [1] in a call to implement() when trying
 to write a value into a field of smaller size in an output report.

 Since implement() already has a warn message printed out with the
 help of hid_warn() and value in question gets trimmed with:
 	...
 	value &= m;
 	...
 WARN_ON may be considered superfluous. Remove it to suppress future
 syzkaller triggers.

 [1]
 WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]
 WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
 Modules linked in:
 CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0
 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
 RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]
 RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
 ...
 Call Trace:
  <TASK>
  __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]
  usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636
  hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726
  vfs_ioctl fs/ioctl.c:51 [inline]
  __do_sys_ioctl fs/ioctl.c:904 [inline]
  __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
 ...

 The Linux kernel CVE team has assigned CVE-2024-39509 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 4.19.317 with commit 955b3764671f3f157215194972d9c01a3a4bd316
 	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 5.4.279 with commit f9db5fbeffb951cac3f0fb1c2eeffb79785399ca
 	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 5.10.221 with commit 33f6832798dd3297317901cc1db556ac3ae80c24
 	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 5.15.162 with commit 8bac61934cd563b073cd30b8cf6d5c758ab5ab26
 	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 6.1.95 with commit bfd546fc7fd76076f81bf41b85b51ceda30949fd
 	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 6.6.35 with commit 30f76bc468b9b2cbbd5d3eb482661e3e4798893f
 	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 6.9.6 with commit 655c6de2f215b61d0708db6b06305eee9bbfeba2
 	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 6.10 with commit 4aa2dcfbad538adf7becd0034a3754e1bd01b2b5

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-39509
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/hid/hid-core.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316
 	https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca
 	https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24
 	https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26
 	https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd
 	https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f
 	https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2
 	https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-39509: HID: core: remove unnecessary WARN_ON() in implement()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	HID: core: remove unnecessary WARN_ON() in implement()

	Syzkaller hit a warning [1] in a call to implement() when trying
	to write a value into a field of smaller size in an output report.

	Since implement() already has a warn message printed out with the
	help of hid_warn() and value in question gets trimmed with:
	...
	value &= m;
	...
	WARN_ON may be considered superfluous. Remove it to suppress future
	syzkaller triggers.

	[1]
	WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]
	WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
	Modules linked in:
	CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0
	Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
	RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]
	RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
	...
	Call Trace:
	<TASK>
	__usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]
	usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636
	hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726
	vfs_ioctl fs/ioctl.c:51 [inline]
	__do_sys_ioctl fs/ioctl.c:904 [inline]
	__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
	do_syscall_x64 arch/x86/entry/common.c:52 [inline]
	do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
	entry_SYSCALL_64_after_hwframe+0x77/0x7f
	...

	The Linux kernel CVE team has assigned CVE-2024-39509 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 4.19.317 with commit 955b3764671f3f157215194972d9c01a3a4bd316
	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 5.4.279 with commit f9db5fbeffb951cac3f0fb1c2eeffb79785399ca
	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 5.10.221 with commit 33f6832798dd3297317901cc1db556ac3ae80c24
	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 5.15.162 with commit 8bac61934cd563b073cd30b8cf6d5c758ab5ab26
	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 6.1.95 with commit bfd546fc7fd76076f81bf41b85b51ceda30949fd
	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 6.6.35 with commit 30f76bc468b9b2cbbd5d3eb482661e3e4798893f
	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 6.9.6 with commit 655c6de2f215b61d0708db6b06305eee9bbfeba2
	Issue introduced in 4.7 with commit 95d1c8951e5bd50bb89654a99a7012b1e75646bd and fixed in 6.10 with commit 4aa2dcfbad538adf7becd0034a3754e1bd01b2b5

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-39509
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/hid/hid-core.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316
	https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca
	https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24
	https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26
	https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd
	https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f
	https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2
	https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5