Out-of-bounds read in Linux kernel hid driver



Updated: 2025-05-13
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-40946
CWE-ID CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU94235

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40946

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the asus_report_fixup() function in drivers/hid/hid-asus.c. A local user can perform a denial of service (DoS) attack.
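As an added illustration of the CWE-125 pattern in a HID report_fixup-style callback (the driver pattern-matches bytes at fixed offsets of the report descriptor and must check the descriptor length before touching them), here is a constructed unchecked form beside its bounds-checked form. This is example code, not the kernel's hid-asus.c, and the offset 59, the signature bytes and the patched value are assumptions; the bulletin does not give the actual defect details.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed quirk (assumption, not the hid-asus.c quirks): if byte 59 is
 * 0x15 (Logical Minimum) followed by 0x00, rewrite the 0x00 to 0x81. */
#define QUIRK_OFF 59
#define QUIRK_LEN 2

/* Defective form (CWE-125): indexes rdesc[59] and rdesc[60] without consulting
 * *rsize, so a device presenting a shorter descriptor is read past its end. */
static void fixup_unchecked(uint8_t *rdesc, unsigned int *rsize)
{
    (void)rsize;
    if (rdesc[QUIRK_OFF] == 0x15 && rdesc[QUIRK_OFF + 1] == 0x00)
        rdesc[QUIRK_OFF + 1] = 0x81;
}

/* Hardened form: refuse to touch any offset that *rsize does not cover.
 * Returns true when the patch was applied. */
static bool fixup_checked(uint8_t *rdesc, unsigned int *rsize)
{
    if (*rsize < QUIRK_OFF + QUIRK_LEN)
        return false;                    /* too short: nothing to patch */
    if (rdesc[QUIRK_OFF] == 0x15 && rdesc[QUIRK_OFF + 1] == 0x00) {
        rdesc[QUIRK_OFF + 1] = 0x81;
        return true;
    }
    return false;
}

/* Build a constructed descriptor of len bytes (zeros plus the signature when it
 * fits), run the chosen fixup, return byte 60 or -1 if the checked form declined. */
int fixup_result(unsigned int len, bool checked)
{
    uint8_t buf[128] = {0};
    unsigned int rsize = len;
    if (len > sizeof buf)
        return -1;
    if (len >= QUIRK_OFF + QUIRK_LEN)
        buf[QUIRK_OFF] = 0x15;           /* buf[60] is already 0x00 */
    if (checked) {
        if (!fixup_checked(buf, &rsize))
            return -1;
    } else {
        fixup_unchecked(buf, &rsize);    /* safe only because buf is 128 bytes */
    }
    return buf[QUIRK_OFF + 1];
}
```

The harness backs the descriptor with a fixed 128-byte buffer so the unchecked form can be shown without actually faulting; in a driver the buffer is exactly *rsize bytes, which is why the length check must come first.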

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.1 - 6.6.35

External links

https://git.kernel.org/stable/c/8a630e8acd97c1610f71bb6d864262163410ed6e
https://git.kernel.org/stable/c/9de62e88310cf50b3ee06344030dc16c19a26ccc
https://git.kernel.org/stable/c/5c117d5936ca7a271437f3d9eee0fce65edaca2c
https://git.kernel.org/stable/c/89e1ee118d6f0ee6bd6e80d8fe08839875daa241
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.96
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.36


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs valid credentials and must successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
