Bottlerocket: kernel-6.1: security update to 2.9.1

medium Tenable Cloud Security Plugin ID 428072

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with
unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a
really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this
allocation failure is handled properly and request is rejected, it results in syzkaller reports.
Additionally, such request may put undue burden on the system which will try to free a lot of memory for a
bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see
devices that can track more than 100 contacts. (CVE-2024-46745)

Plugin Details

Severity: Medium

ID: 428072

Version: Revision 1.6

Type: Local

Published: 6/30/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-46745

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/12/2023

Reference Information

CVE: CVE-2024-46745