In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.
History

Tue, 24 Dec 2024 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770

Sun, 29 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Sep 2024 14:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 18 Sep 2024 07:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.
Title Input: uinput - reject requests with unreasonable number of slots
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-09-18T07:12:05.798Z

Updated: 2024-12-19T09:22:17.037Z

Reserved: 2024-09-11T15:12:18.266Z

Link: CVE-2024-46745

cve-icon Vulnrichment

Updated: 2024-09-29T14:49:15.724Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-18T08:15:03.667

Modified: 2024-09-20T12:30:51.220

Link: CVE-2024-46745

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-09-18T00:00:00Z

Links: CVE-2024-46745 - Bugzilla