{"id":"CVE-2024-39509","summary":"HID: core: remove unnecessary WARN_ON() in implement()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: remove unnecessary WARN_ON() in implement()\n\nSyzkaller hit a warning [1] in a call to implement() when trying\nto write a value into a field of smaller size in an output report.\n\nSince implement() already has a warn message printed out with the\nhelp of hid_warn() and value in question gets trimmed with:\n\t...\n\tvalue &= m;\n\t...\nWARN_ON may be considered superfluous. Remove it to suppress future\nsyzkaller triggers.\n\n[1]\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]\nWARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\nModules linked in:\nCPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nRIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]\nRIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863\n...\nCall Trace:\n \u003cTASK\u003e\n __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]\n usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636\n hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...","modified":"2026-04-02T12:17:03.211440Z","published":"2024-07-12T12:20:40.257Z","related":["SUSE-SU-2024:2892-1","SUSE-SU-2024:2894-1","SUSE-SU-2024:2901-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2940-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3383-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39509.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/30f76bc468b9b2cbbd5d3eb482661e3e4798893f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/33f6832798dd3297317901cc1db556ac3ae80c24"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4aa2dcfbad538adf7becd0034a3754e1bd01b2b5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/655c6de2f215b61d0708db6b06305eee9bbfeba2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8bac61934cd563b073cd30b8cf6d5c758ab5ab26"},{"type":"WEB","url":"https://git.kernel.org/stable/c/955b3764671f3f157215194972d9c01a3a4bd316"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bfd546fc7fd76076f81bf41b85b51ceda30949fd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9db5fbeffb951cac3f0fb1c2eeffb79785399ca"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39509.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39509"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"95d1c8951e5bd50bb89654a99a7012b1e75646bd"},{"fixed":"955b3764671f3f157215194972d9c01a3a4bd316"},{"fixed":"f9db5fbeffb951cac3f0fb1c2eeffb79785399ca"},{"fixed":"33f6832798dd3297317901cc1db556ac3ae80c24"},{"fixed":"8bac61934cd563b073cd30b8cf6d5c758ab5ab26"},{"fixed":"bfd546fc7fd76076f81bf41b85b51ceda30949fd"},{"fixed":"30f76bc468b9b2cbbd5d3eb482661e3e4798893f"},{"fixed":"655c6de2f215b61d0708db6b06305eee9bbfeba2"},{"fixed":"4aa2dcfbad538adf7becd0034a3754e1bd01b2b5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39509.json"}}],"schema_version":"1.7.5"}