CVE-2024-39509 Affecting kernel-core package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL9-KERNELCORE-7450840
- published 15 Jul 2024
- disclosed 12 Jul 2024
Introduced: 12 Jul 2024
CVE-2024-39509 Open this link in a new tabHow to fix?
There is no fixed version for RHEL:9 kernel-core.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-core package and not the kernel-core package as distributed by RHEL.
See How to fix? for RHEL:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
HID: core: remove unnecessary WARN_ON() in implement()
Syzkaller hit a warning [1] in a call to implement() when trying to write a value into a field of smaller size in an output report.
Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value &= m; ... WARN_ON may be considered superfluous. Remove it to suppress future syzkaller triggers.
[1] WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline] WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 Modules linked in: CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline] RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863 ... Call Trace: <TASK> __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline] usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636 hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f ...
References
- https://access.redhat.com/security/cve/CVE-2024-39509
- https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f
- https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24
- https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5
- https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2
- https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26
- https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316
- https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd
- https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca