CVE-2024-39509

CVSS v3.1

5.5

Medium

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d

Description: The issue is related to the HID core in the Linux kernel, where a warning is triggered when trying to write a value into a field of smaller size in an output report. The implement() function already has a warning message printed with the help of hid warn(), and the value in question gets trimmed. The WARN ON may be considered superfluous and can be removed to suppress future syzkaller triggers.

Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the HID core vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-617

Related Identifiers

BDU:2024-10999

CVE-2024-39509

DLA-4008-1

DSA-5730-1

DSA-5731-1

OESA-2024-1992

OESA-2024-1993

OESA-2024-1994

OESA-2024-1995

OESA-2024-1996

OPENSUSE-SU-2024_2947-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2940-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-6999-1

USN-6999-2

USN-7003-1

USN-7003-2

USN-7003-3

USN-7003-4

USN-7003-5

USN-7004-1

USN-7005-1

USN-7005-2

USN-7006-1

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2024-39509

Weakness Enumeration

Related Identifiers

Affected Products

References · 2700