CVE-2024-46745 in Linuxinfo

Summary

by MITRE • 09/18/2024

In the Linux kernel, the following vulnerability has been resolved:

Input: uinput - reject requests with unreasonable number of slots


When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request.

Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 04/05/2026

The vulnerability described in CVE-2024-46745 pertains to the Linux kernel's uinput interface implementation, specifically addressing a potential denial of service scenario through malformed input device configuration requests. This issue manifests when the syzkaller fuzzing tool attempts to create input devices with an excessive number of multitouch slots, creating a scenario that could overwhelm system resources and potentially lead to system instability. The uinput subsystem serves as a virtual input device interface that allows user-space applications to inject input events into the kernel's input subsystem, making it a critical component for testing and virtualization environments. When processing device setup requests, the kernel's input multitouch initialization function input_mt_init_slots() encounters memory allocation failures when confronted with unreasonable slot counts, triggering defensive mechanisms that reject the invalid requests but at significant system cost.

The technical flaw resides in the lack of proper input validation for the number of multitouch slots requested during uinput device initialization. The Linux kernel's input subsystem, as defined by the common weakness enumeration CWE-129, fails to implement adequate bounds checking for user-supplied parameters that control memory allocation behavior. This vulnerability specifically affects the input_mt_init_slots() function which is responsible for initializing multitouch tracking capabilities for input devices. When syzkaller attempts to set up a device with an excessive number of slots, the kernel allocates memory for each slot but fails to validate that the requested number falls within reasonable operational parameters. The system's response to this invalid request involves substantial memory management overhead as it attempts to process and eventually free the memory for the bogus allocation, creating a resource exhaustion scenario that can impact overall system performance.

The operational impact of this vulnerability extends beyond simple denial of service conditions, as it creates a potential vector for resource exhaustion attacks against systems running Linux kernel versions affected by this issue. The system's attempt to handle an unreasonable number of slots places undue burden on memory management subsystems, potentially causing cascading failures in environments where multiple malicious or malformed requests occur simultaneously. This vulnerability affects systems that rely on uinput for testing, virtualization, or input device simulation, particularly those using automated fuzzing tools like syzkaller. The attack surface is broad as any application or process that can access the uinput interface and submit malformed device configuration requests can potentially trigger this condition, making it a significant concern for systems with open uinput access. The vulnerability's classification aligns with ATT&CK technique T1499.004, which covers network denial of service attacks, as the behavior results in system resource exhaustion that can render services unavailable.

The mitigation strategy implemented in the kernel fix involves establishing a hard limit of 100 multitouch slots for uinput device creation requests, effectively preventing the allocation of excessive memory resources while maintaining compatibility with existing legitimate use cases. This approach addresses the root cause by implementing proper input validation at the interface boundary, preventing malicious or malformed requests from consuming system resources unnecessarily. The fix demonstrates adherence to secure coding principles by implementing bounds checking and input sanitization, directly addressing CWE-129's requirement for validating input ranges before processing. The 100-slot limit provides a reasonable balance between functionality and security, allowing for typical multitouch device requirements while preventing the memory exhaustion scenarios that could occur with larger values. This mitigation strategy also aligns with defense-in-depth principles by implementing multiple layers of protection, including both input validation at the kernel boundary and proper error handling for memory allocation failures. The fix ensures that even if malformed requests reach the kernel, they cannot cause significant system impact due to the enforced limits, thereby protecting against resource exhaustion attacks while maintaining operational functionality for legitimate use cases.

Responsible

Linux

Reservation

09/11/2024

Disclosure

09/18/2024

Moderation

accepted

CPE

ready

EPSS

0.00283

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!