In the Linux kernel, the following vulnerability has been resolved:
Input: appletouch - initialize work before device registration
Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization.
This may happen, since input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initalization happens after input_register_device() call.
So this patch moves dev->work initialization before registering input device
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 2.6.23 (including) | 4.4.298 (excluding) |
Linux_kernel | Linux | 4.5.0 (including) | 4.9.296 (excluding) |
Linux_kernel | Linux | 4.10.0 (including) | 4.14.261 (excluding) |
Linux_kernel | Linux | 4.15.0 (including) | 4.19.224 (excluding) |
Linux_kernel | Linux | 4.20.0 (including) | 5.4.170 (excluding) |
Linux_kernel | Linux | 5.5.0 (including) | 5.10.90 (excluding) |
Linux_kernel | Linux | 5.11.0 (including) | 5.15.13 (excluding) |