U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2024-46745 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://cert-portal.siemens.com/productcert/html/ssa-265688.html siemens-SADP
https://cert-portal.siemens.com/productcert/html/ssa-355557.html siemens-SADP
https://cert-portal.siemens.com/productcert/html/ssa-398330.html siemens-SADP
https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e kernel.org Patch 
https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b kernel.org Patch 
https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70 kernel.org Patch 
https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2 kernel.org Patch 
https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d kernel.org Patch 
https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b kernel.org Patch 
https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833 kernel.org Patch 
https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7 kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html CVE
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html CVE

Weakness Enumeration

CWE-ID CWE Name Source
CWE-770 Allocation of Resources Without Limits or Throttling cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-46745
NVD Published Date:
09/18/2024
NVD Last Modified:
05/12/2026
Source:
kernel.org