Vulnerability DatabaseCVE-2021-46932
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2021-46932
February 27, 2024
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initalization happens after input_register_device() call. So this patch moves dev->work initialization before registering input device
Related Resources (8)
https://git.kernel.org/stable/c/975774ea7528b489930b76a77ffc4d5379b95ff2
https://git.kernel.org/stable/c/292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f
https://git.kernel.org/stable/c/d1962f263a176f493400b8f91bfbf2bfedce951e
https://git.kernel.org/stable/c/a02e1404e27855089d2b0a0acc4652c2ce65fe46
https://git.kernel.org/stable/c/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0
https://git.kernel.org/stable/c/e79ff8c68acb1eddf709d3ac84716868f2a91012
https://git.kernel.org/stable/c/d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4
https://git.kernel.org/stable/c/9f329d0d6c91142cf0ad08d23c72dd195db2633c
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Improper Initialization
CWE-665
EPSS
Base Score:
0.01