CVE-2021-46932

Input: appletouch - initialize work before device registration

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by
work->func == NULL, which means missing work initialization. This may happen, since input_dev->close() calls
cancel_work_sync(&dev->work), but dev->work initalization happens _after_
input_register_device() call. So this patch moves dev->work initialization before registering input
device

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Entrada: appletouch: inicializa el trabajo antes del registro del dispositivo Syzbot ha informado una advertencia en __flush_work(). Esta advertencia es causada por work->func == NULL, lo que significa que falta la inicialización del trabajo. Esto puede suceder, ya que input_dev->close() llama a cancel_work_sync(&dev->work), pero la inicialización dev->work ocurre _después_ de la llamada input_register_device(). Entonces este parche mueve la inicialización dev->work antes de registrar el dispositivo de entrada

In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initalization happens _after_ input_register_device() call. So this patch moves dev->work initialization before registering input device

It was discovered that the device input subsystem in the Linux kernel did not properly handle the case when an event code falls outside of a bitmap. A local attacker could use this to cause a denial of service. Ã©Â»ÂÃ¦ÂÂÃ¨ÂÂª discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-02-27 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-665: Improper Initialization

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/5a6eb676d3bc4d7a6feab200a92437b62ad298da	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4	2022-01-05
https://git.kernel.org/stable/c/d1962f263a176f493400b8f91bfbf2bfedce951e	2022-01-05
https://git.kernel.org/stable/c/292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f	2022-01-05
https://git.kernel.org/stable/c/a02e1404e27855089d2b0a0acc4652c2ce65fe46	2022-01-05
https://git.kernel.org/stable/c/975774ea7528b489930b76a77ffc4d5379b95ff2	2022-01-05
https://git.kernel.org/stable/c/9f329d0d6c91142cf0ad08d23c72dd195db2633c	2022-01-05
https://git.kernel.org/stable/c/e79ff8c68acb1eddf709d3ac84716868f2a91012	2022-01-05
https://git.kernel.org/stable/c/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0	2021-12-31

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.23 < 4.4.298 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.23 < 4.4.298"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.23 < 4.9.296 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.23 < 4.9.296"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.23 < 4.14.261 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.23 < 4.14.261"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.23 < 4.19.224 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.23 < 4.19.224"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.23 < 5.4.170 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.23 < 5.4.170"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.23 < 5.10.90 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.23 < 5.10.90"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.23 < 5.15.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.23 < 5.15.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.23 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.23 < 5.16"		en		Affected