5.5

CVE-2024-45008

Input: MT - limit max slots

In the Linux kernel, the following vulnerability has been resolved:

Input: MT - limit max slots

syzbot is reporting too large allocation at input_mt_init_slots(), for
num_slots is supplied from userspace using ioctl(UI_DEV_CREATE).

Since nobody knows possible max slots, this patch chose 1024.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.321
LinuxLinux Kernel Version >= 4.20 < 5.4.283
LinuxLinux Kernel Version >= 5.5 < 5.10.225
LinuxLinux Kernel Version >= 5.11 < 5.15.166
LinuxLinux Kernel Version >= 5.16 < 6.1.107
LinuxLinux Kernel Version >= 6.2 < 6.6.48
LinuxLinux Kernel Version >= 6.7 < 6.10.7
LinuxLinux Kernel Version6.11 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.146
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549
Patch
https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e
Patch
https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322
Patch
https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba
Patch
https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43
Patch
https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505
Patch
https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb
Patch
https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73
Patch
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html