In the Linux kernel, the following vulnerability has been resolved:
Input: appletouch - initialize work before device registration
Syzbot has reported warning in __flush_work(). This warning is caused by
work->func == NULL, which means missing work initialization.
This may happen, since input_dev->close() calls
cancel_work_sync(&dev->work), but dev->work initalization happens _after_
input_register_device() call.
So this patch moves dev->work initialization before registering input
device
CVE-2021-46932 - Medium Severity Vulnerability
Vulnerable Library - linux-stable-rtv4.1.33
Julia Cartwright's fork of linux-stable-rt.git
Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/julia/linux-stable-rt.git
Found in HEAD commit: 2a4fd3afc623ae79fea13880ff39350d42fea4e6
Found in base branch: master
Vulnerable Source Files (3)
/drivers/input/mouse/appletouch.c /drivers/input/mouse/appletouch.c /drivers/input/mouse/appletouch.c
Vulnerability Details
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initalization happens _after_ input_register_device() call. So this patch moves dev->work initialization before registering input device
Publish Date: 2024-02-27
URL: CVE-2021-46932
CVSS 3 Score Details (5.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2021-46932
Release Date: 2024-02-27
Fix Resolution: v4.4.298,v4.9.296,v4.14.261,v4.19.224,v5.4.170,v5.10.90,v5.15.13
Step up your Open Source Security Game with Mend here