{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46745", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.266Z", "datePublished": "2024-09-18T07:12:05.798Z", "dateUpdated": "2024-09-18T07:12:05.798Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-18T07:12:05.798Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/input/misc/uinput.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "9c6d189f0c1c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "597ff930296c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "51fa08edd800", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "9719687398de", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "61df76619e27", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a4858b00a1ec", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "d76fc0f0b18d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "206f533a0a7c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/input/misc/uinput.c"], "versions": [{"version": "4.19.322", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.284", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.226", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.167", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.110", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.51", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10.10", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b"}, {"url": "https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70"}, {"url": "https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b"}, {"url": "https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d"}, {"url": "https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2"}, {"url": "https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833"}, {"url": "https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7"}, {"url": "https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e"}], "title": "Input: uinput - reject requests with unreasonable number of slots", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Entrada: uinput - rechazar solicitudes con un n\u00famero irrazonable de ranuras Al ejercitar la interfaz uinput, syzkaller puede intentar configurar el dispositivo con un n\u00famero realmente grande de ranuras, lo que provoca un error de asignaci\u00f3n de memoria en input_mt_init_slots(). Si bien este error de asignaci\u00f3n se maneja correctamente y la solicitud se rechaza, da como resultado informes de syzkaller. Adem\u00e1s, dicha solicitud puede poner una carga indebida en el sistema que intentar\u00e1 liberar una gran cantidad de memoria para una solicitud falsa. Arr\u00e9glelo limitando el n\u00famero permitido de ranuras a 100. Esto se puede ampliar f\u00e1cilmente si vemos dispositivos que pueden rastrear m\u00e1s de 100 contactos."}], "id": "CVE-2024-46745", "lastModified": "2024-09-20T12:30:51.220", "metrics": {}, "published": "2024-09-18T08:15:03.667", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: Input: uinput - reject requests with unreasonable number of slots", "id": "2313093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313093"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nInput: uinput - reject requests with unreasonable number of slots\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts."], "name": "CVE-2024-46745", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46745\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46745\nhttps://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46745-7b05@gregkh/T"], "threat_severity": "Moderate"}