HID Core Vulnerability in Linux Kernel Affecting Generic Input Devices
CVE-2024-57986

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A vulnerability exists in the HID core of the Linux kernel related to the handling of Resolution Multipliers. An oversight in the hid_apply_multiplier function, which assumes that every Resolution Multiplier control is contained within a Logical Collection, poses significant risks. If no Logical Collection is defined, the code fails to adequately handle the resolution multiplier, leading to potential exploits. This was identified as part of a 2019 report by the syzbot fuzzer. To mitigate this issue, the core must correctly manage the state of the multiplier_collection pointer when a valid Logical Collection is not found.

Affected Version(s)

Linux 5a4abb36f312cf83206b1b7d1308ba47cba0b3cc

References

https://git.kernel.org/stable/c/bebf542e8d7c44a18a95f306b...

https://git.kernel.org/stable/c/ed3d3883476423f337aac0f22...

https://git.kernel.org/stable/c/ebaeca33d32c8bdb705a8c882...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Feb 27, 2025