Satheesh575555 / linux-4.1.15_CVE-2023-28772

Other
0 stars 1 forks source link

CVE-2021-46932 (Medium) detected in linuxlinux-4.6 #898

Open mend-bolt-for-github[bot] opened 7 months ago

mend-bolt-for-github[bot] commented 7 months ago

CVE-2021-46932 - Medium Severity Vulnerability

Vulnerable Library - linuxlinux-4.6

The Linux Kernel

Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux

Found in HEAD commit: 63ac601c421ad3f087ec68a99300cc5058d1cc54

Found in base branch: master

Vulnerable Source Files (3)

/drivers/input/mouse/appletouch.c /drivers/input/mouse/appletouch.c /drivers/input/mouse/appletouch.c

Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initalization happens _after_ input_register_device() call. So this patch moves dev->work initialization before registering input device

Publish Date: 2024-02-27

URL: CVE-2021-46932

CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2021-46932

Release Date: 2024-02-27

Fix Resolution: v4.4.298,v4.9.296,v4.14.261,v4.19.224,v5.4.170,v5.10.90,v5.15.13


Step up your Open Source Security Game with Mend here