{"id":"CVE-2024-46745","summary":"Input: uinput - reject requests with unreasonable number of slots","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - reject requests with unreasonable number of slots\n\n\nWhen exercising uinput interface syzkaller may try setting up device\nwith a really large number of slots, which causes memory allocation\nfailure in input_mt_init_slots(). While this allocation failure is\nhandled properly and request is rejected, it results in syzkaller\nreports. Additionally, such request may put undue burden on the\nsystem which will try to free a lot of memory for a bogus request.\n\nFix it by limiting allowed number of slots to 100. This can easily\nbe extended if we see devices that can track more than 100 contacts.","modified":"2026-04-16T04:32:47.689632419Z","published":"2024-09-18T07:12:05.798Z","related":["SUSE-SU-2024:3551-1","SUSE-SU-2024:3553-1","SUSE-SU-2024:3559-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2024:3566-1","SUSE-SU-2024:3569-1","SUSE-SU-2024:3587-1","SUSE-SU-2024:3591-1","SUSE-SU-2024:3592-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46745.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70"},{"type":"WEB","url":"https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46745.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46745"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"38e7afe96c7c0ad900824911c61fdb04078033dc"},{"fixed":"9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b"},{"fixed":"597ff930296c4c8fc6b6a536884d4f1a7187ec70"},{"fixed":"51fa08edd80003db700bdaa099385c5900d27f4b"},{"fixed":"9719687398dea8a6a12a10321a54dd75eec7ab2d"},{"fixed":"61df76619e270a46fd427fbdeb670ad491c42de2"},{"fixed":"a4858b00a1ec57043697fb935565fe267f161833"},{"fixed":"d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7"},{"fixed":"206f533a0a7c683982af473079c4111f4a0f9f5e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46745.json"}}],"schema_version":"1.7.5"}