CVE-2024-57986

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections<br /> <br /> A report in 2019 by the syzbot fuzzer was found to be connected to two<br /> errors in the HID core associated with Resolution Multipliers. One of<br /> the errors was fixed by commit ea427a222d8b ("HID: core: Fix deadloop<br /> in hid_apply_multiplier."), but the other has not been fixed.<br /> <br /> This error arises because hid_apply_multipler() assumes that every<br /> Resolution Multiplier control is contained in a Logical Collection,<br /> i.e., there&amp;#39;s no way the routine can ever set multiplier_collection to<br /> NULL. This is in spite of the fact that the function starts with a<br /> big comment saying:<br /> <br /> * "The Resolution Multiplier control must be contained in the same<br /> * Logical Collection as the control(s) to which it is to be applied.<br /> ...<br /> * If no Logical Collection is<br /> * defined, the Resolution Multiplier is associated with all<br /> * controls in the report."<br /> * HID Usage Table, v1.12, Section 4.3.1, p30<br /> *<br /> * Thus, search from the current collection upwards until we find a<br /> * logical collection...<br /> <br /> The comment and the code overlook the possibility that none of the<br /> collections found may be a Logical Collection.<br /> <br /> The fix is to set the multiplier_collection pointer to NULL if the<br /> collection found isn&amp;#39;t a Logical Collection.