Bug 1227733 (CVE-2024-39509) - VUL-0: CVE-2024-39509: kernel: HID: core: remove unnecessary WARN_ON() in implement()
Summary: VUL-0: CVE-2024-39509: kernel: HID: core: remove unnecessary WARN_ON() in imp...
Status: IN_PROGRESS
Alias: CVE-2024-39509
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: David Sterba
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/413824/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-39509:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-07-12 19:15 UTC by SMASH SMASH
Modified: 2024-07-19 00:30 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-07-12 19:15:24 UTC 
In the Linux kernel, the following vulnerability has been resolved:

HID: core: remove unnecessary WARN_ON() in implement()

Syzkaller hit a warning [1] in a call to implement() when trying
to write a value into a field of smaller size in an output report.

Since implement() already has a warn message printed out with the
help of hid_warn() and value in question gets trimmed with:
	...
	value &= m;
	...
WARN_ON may be considered superfluous. Remove it to suppress future
syzkaller triggers.

[1]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
Modules linked in:
CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]
RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
...
Call Trace:
 <TASK>
 __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]
 usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636
 hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:904 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
...

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-39509
https://www.cve.org/CVERecord?id=CVE-2024-39509
https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f
https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24
https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5
https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2
https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26
https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316
https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd
https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-39509.mbox