| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| Input: uinput - reject requests with unreasonable number of slots |
| |
| |
| When exercising uinput interface syzkaller may try setting up device |
| with a really large number of slots, which causes memory allocation |
| failure in input_mt_init_slots(). While this allocation failure is |
| handled properly and request is rejected, it results in syzkaller |
| reports. Additionally, such request may put undue burden on the |
| system which will try to free a lot of memory for a bogus request. |
| |
| Fix it by limiting allowed number of slots to 100. This can easily |
| be extended if we see devices that can track more than 100 contacts. |
| |
| The Linux kernel CVE team has assigned CVE-2024-46745 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Fixed in 4.19.322 with commit 9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b |
| Fixed in 5.4.284 with commit 597ff930296c4c8fc6b6a536884d4f1a7187ec70 |
| Fixed in 5.10.226 with commit 51fa08edd80003db700bdaa099385c5900d27f4b |
| Fixed in 5.15.167 with commit 9719687398dea8a6a12a10321a54dd75eec7ab2d |
| Fixed in 6.1.110 with commit 61df76619e270a46fd427fbdeb670ad491c42de2 |
| Fixed in 6.6.51 with commit a4858b00a1ec57043697fb935565fe267f161833 |
| Fixed in 6.10.10 with commit d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7 |
| Fixed in 6.11 with commit 206f533a0a7c683982af473079c4111f4a0f9f5e |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-46745 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| drivers/input/misc/uinput.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b |
| https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70 |
| https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b |
| https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d |
| https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2 |
| https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833 |
| https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7 |
| https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e |
