The vulnerability, tracked as CVE-2021-46932, concerns the initialization of work in the appletouch driver. Specifically, the `input_dev->close()` function calls `cancel_work_sync(&dev->work)`, but `dev->work` is initialized only after the `input_register_device()` call. This can lead to a situation where `work->func == NULL`, resulting in a warning in `__flush_work()`.
The problem is that the work structure is not initialized before registering the input device, which can cause issues when trying to cancel or flush the work. To fix this issue, the initialization of `dev->work` needs to be moved before registering the input device.
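The ordering problem can be reproduced in a small userspace model. This is an added example, not the driver's code or the kernel patch: the `model_*` functions, `struct touch_dev` and `reinit_handler` are hypothetical stand-ins for the kernel calls named above, and the model assumes the device can be opened and closed as soon as registration completes.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model; all names are hypothetical stand-ins, not kernel APIs. */
struct work { void (*func)(struct work *); };

struct touch_dev {
    struct work work;
    int warnings;          /* counts modeled __flush_work() warnings */
};

static void reinit_handler(struct work *w) { (void)w; }

/* Models cancel_work_sync(): flushing work whose func is NULL warns. */
static void model_cancel_work_sync(struct touch_dev *d)
{
    if (d->work.func == NULL)
        d->warnings++;
}

/* Models input_dev->close(), which cancels the pending work. */
static void model_close(struct touch_dev *d) { model_cancel_work_sync(d); }

/* Models input_register_device(): once it runs the device is live, so it
 * can be opened and closed before probe() continues (assumption). */
static void model_register(struct touch_dev *d) { model_close(d); }

/* Ordering described as the bug: register first, initialize work after. */
int probe_buggy(void)
{
    struct touch_dev d = {0};
    model_register(&d);
    d.work.func = reinit_handler;   /* too late: close() already ran */
    return d.warnings;
}

/* Ordering described as the fix: initialize work before registering. */
int probe_fixed(void)
{
    struct touch_dev d = {0};
    d.work.func = reinit_handler;
    model_register(&d);
    return d.warnings;
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", probe_buggy(), probe_fixed());
    return 0;
}
```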
This vulnerability was introduced in kernel version 2.6.23 with commit 5a6eb676d3bc and has been fixed in various kernel versions, including 4.4.298, 4.9.296, 4.14.261, 4.19.224, 5.4.170, 5.10.90, 5.15.13, and 5.16.
The affected file is `drivers/input/mouse/appletouch.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version, which includes this fix along with other bug fixes. If updating is not possible, individual changes can be cherry-picked from the specified commits.