LiveActive security incident?Get immediate response
CVE Record

CVE-2024-46745: Input: uinput - reject requests with unreasonable number of slots

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

CVE-2024-46745 is a Linux kernel uinput issue where an unrealistic number of multitouch slots can force large memory-allocation attempts. The request is rejected, but the attempt can still burden the system. Sources do not show active exploitation or a CVSS score.

Executive priority

Treat this as routine kernel hygiene unless uinput is exposed to untrusted local workloads. It does not currently justify emergency response based on the provided evidence, but it should be included in normal kernel patch cycles.

Technical view

The flaw is in Linux input/uinput handling. Very large slot counts reach input_mt_init_slots(), causing allocation failure and system pressure. The upstream fix caps allowed slots at 100, with multiple stable-kernel backport commits referenced by the CVE record.

Likely exposure

Exposure is most relevant on Linux systems where untrusted users, software, or workloads can exercise the uinput interface. Internet-facing exposure is not indicated by the sources. Appliances or distributions using affected kernel branches may also depend on vendor backports.

Exploitation context

The source bundle describes syzkaller-triggered behavior, not real-world exploitation. CISA KEV status is false, and no cited source claims active exploitation. Practical impact appears to be local resource pressure or denial-of-service risk rather than data theft.

Researcher notes

Evidence is limited to the CVE description, stable kernel commits, and vendor advisories. The affected-version data in the bundle is not fully normalized, so rely on vendor kernel status and commit presence rather than version strings alone.

Mitigation direction

  • Upgrade to a vendor kernel containing the uinput slot-limit fix.
  • Check Debian LTS and other vendor advisories for backported kernel packages.
  • Limit uinput access to trusted users and workloads where operationally possible.
  • Track Siemens or appliance advisories if affected products use embedded Linux.
  • Do not deploy custom kernel builds without confirming the relevant stable commit is included.

Validation and detection

  • Inventory Linux kernel versions across servers, workstations, containers, and appliances.
  • Confirm the running kernel includes the uinput change limiting slots to 100.
  • Review device and container permissions for access to the uinput interface.
  • Check vendor advisories for product-specific fixed versions or mitigations.
  • Prioritize systems running untrusted local workloads or broad device access policies.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-46745 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
14Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux38e7afe96c7c0ad900824911c61fdb04078033dc, 38e7afe96c7c0ad900824911c61fdb04078033dc, 38e7afe96c7c0ad900824911c61fdb04078033dc, 38e7afe96c7c0ad900824911c61fdb04078033dc, 38e7afe96c7c0ad900824911c61fdb04078033dc, 38e7afe96c7c0ad900824911c61fdb04078033dc, 38e7afe96c7c0ad900824911c61fdb04078033dc, 38e7afe96c7c0ad900824911c61fdb04078033dcunaffected
LinuxLinux2.6.36, 0, 4.19.322, 5.4.284, 5.10.226, 5.15.167, 6.1.110, 6.6.51, 6.10.10, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.