CVE-2021-46932

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 14

In the Linux kernel, the following vulnerability has been resolved:

Input: appletouch - initialize work before device registration

Syzbot has reported warning in __flush_work(). This warning is caused by
work->func == NULL, which means missing work initialization.

This may happen, since input_dev->close() calls
cancel_work_sync(&dev->work), but dev->work initalization happens after
input_register_device() call.

So this patch moves dev->work initialization before registering input
device

Weaknesses

CWE-665: Improper Initialization

CVE Status: PUBLISHED
CNA: kernel.org
Published Date: 2024-02-27 10:15:07
(6 months ago)
Updated Date: 2024-04-10 18:02:06
(5 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 2.6.23 version and prior 4.4.298 version	cpe:2.3:o:linux:linux_kernel	>= 2.6.23	< 4.4.298
Linux Kernel from 4.5.0 version and prior 4.9.296 version	cpe:2.3:o:linux:linux_kernel	>= 4.5.0	< 4.9.296
Linux Kernel from 4.10.0 version and prior 4.14.261 version	cpe:2.3:o:linux:linux_kernel	>= 4.10.0	< 4.14.261
Linux Kernel from 4.15.0 version and prior 4.19.224 version	cpe:2.3:o:linux:linux_kernel	>= 4.15.0	< 4.19.224
Linux Kernel from 4.20.0 version and prior 5.4.170 version	cpe:2.3:o:linux:linux_kernel	>= 4.20.0	< 5.4.170
Linux Kernel from 5.5.0 version and prior 5.10.90 version	cpe:2.3:o:linux:linux_kernel	>= 5.5.0	< 5.10.90
Linux Kernel from 5.11.0 version and prior 5.15.13 version	cpe:2.3:o:linux:linux_kernel	>= 5.11.0	< 5.15.13