Vulnerability-Lookup

BDU:2024-06348

Vulnerability from fstec - Published: 30.12.2021

Title

Уязвимость функции cancel_work_sync() в компоненте appletouch ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции cancel_work_sync() в компоненте appletouch ядра операционной системы Linux связана с некорректной инициализация dev->work после вызова input_register_device(). Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

ООО «Ред Софт», Сообщество свободного программного обеспечения

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Linux

Software Version

7.3 (РЕД ОС), от 5.5 до 5.10.89 включительно (Linux), от 5.11 до 5.15.12 включительно (Linux), от 4.15 до 4.19.223 включительно (Linux), от 4.20 до 5.4.169 включительно (Linux), от 4.5 до 4.9.295 включительно (Linux), от 4.10 до 4.14.260 включительно (Linux), от 2.6.23 до 4.4.297 включительно (Linux)

Possible Mitigations

Для Linux: https://git.kernel.org/stable/c/292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f https://git.kernel.org/stable/c/975774ea7528b489930b76a77ffc4d5379b95ff2 https://git.kernel.org/stable/c/9f329d0d6c91142cf0ad08d23c72dd195db2633c https://git.kernel.org/stable/c/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0 https://git.kernel.org/stable/c/a02e1404e27855089d2b0a0acc4652c2ce65fe46 https://git.kernel.org/stable/c/d1962f263a176f493400b8f91bfbf2bfedce951e https://git.kernel.org/stable/c/d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4 https://git.kernel.org/stable/c/e79ff8c68acb1eddf709d3ac84716868f2a91012 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46932 https://git.kernel.org/linus/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0 https://git.kernel.org/stable/c/292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f https://git.kernel.org/stable/c/975774ea7528b489930b76a77ffc4d5379b95ff2 https://git.kernel.org/stable/c/9f329d0d6c91142cf0ad08d23c72dd195db2633c https://git.kernel.org/stable/c/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0 https://git.kernel.org/stable/c/a02e1404e27855089d2b0a0acc4652c2ce65fe46 https://git.kernel.org/stable/c/d1962f263a176f493400b8f91bfbf2bfedce951e https://git.kernel.org/stable/c/d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4 https://git.kernel.org/stable/c/e79ff8c68acb1eddf709d3ac84716868f2a91012 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.261 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.298 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.296 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.90 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.170 https://lore.kernel.org/linux-cve-announce/2024022750-CVE-2021-46932-3a36@gregkh/ https://lore.kernel.org/linux-cve-announce/2024022750-CVE-2021-46932-3a36@gregkh/T/#u https://redos.red-soft.ru/support/secure/ https://ubuntu.com/security/notices/USN-6938-1 https://www.cve.org/CVERecord?id=CVE-2021-46932

CWE

CWE-665

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 5.5 \u0434\u043e 5.10.89 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.223 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.169 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.295 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.260 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 2.6.23 \u0434\u043e 4.4.297 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f \nhttps://git.kernel.org/stable/c/975774ea7528b489930b76a77ffc4d5379b95ff2 \nhttps://git.kernel.org/stable/c/9f329d0d6c91142cf0ad08d23c72dd195db2633c \nhttps://git.kernel.org/stable/c/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0 \nhttps://git.kernel.org/stable/c/a02e1404e27855089d2b0a0acc4652c2ce65fe46 \nhttps://git.kernel.org/stable/c/d1962f263a176f493400b8f91bfbf2bfedce951e \nhttps://git.kernel.org/stable/c/d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4 \nhttps://git.kernel.org/stable/c/e79ff8c68acb1eddf709d3ac84716868f2a91012\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.12.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.12.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.08.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06348",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-46932",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.20.0 \u0434\u043e 5.4.170 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11.0 \u0434\u043e 5.15.13 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5.0 \u0434\u043e 5.10.90 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.15.0 \u0434\u043e 4.19.224 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.10.0 \u0434\u043e 4.14.261 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.5.0 \u0434\u043e 4.9.296 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 2.6.23 \u0434\u043e 4.4.298 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 cancel_work_sync() \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 appletouch \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u0430\u044f \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f (CWE-665)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 cancel_work_sync() \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 appletouch \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f dev-\u0026gt;work \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u0437\u043e\u0432\u0430 input_register_device(). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46932\nhttps://git.kernel.org/linus/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0\nhttps://git.kernel.org/stable/c/292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f\nhttps://git.kernel.org/stable/c/975774ea7528b489930b76a77ffc4d5379b95ff2\nhttps://git.kernel.org/stable/c/9f329d0d6c91142cf0ad08d23c72dd195db2633c\nhttps://git.kernel.org/stable/c/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0\nhttps://git.kernel.org/stable/c/a02e1404e27855089d2b0a0acc4652c2ce65fe46\nhttps://git.kernel.org/stable/c/d1962f263a176f493400b8f91bfbf2bfedce951e\nhttps://git.kernel.org/stable/c/d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4\nhttps://git.kernel.org/stable/c/e79ff8c68acb1eddf709d3ac84716868f2a91012\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.261\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.224\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.298\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.296\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.90\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.170\nhttps://lore.kernel.org/linux-cve-announce/2024022750-CVE-2021-46932-3a36@gregkh/\nhttps://lore.kernel.org/linux-cve-announce/2024022750-CVE-2021-46932-3a36@gregkh/T/#u\nhttps://redos.red-soft.ru/support/secure/\nhttps://ubuntu.com/security/notices/USN-6938-1\nhttps://www.cve.org/CVERecord?id=CVE-2021-46932",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-665",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)\n\u041d\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 0)"
}

CVE-2021-46932 (GCVE-0-2021-46932)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2025-05-04 07:00

Title

Input: appletouch - initialize work before device registration

Summary

In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may happen, since input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initalization happens _after_ input_register_device() call. So this patch moves dev->work initialization before registering input device

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d2cb2bf39a6d17ef4…
	https://git.kernel.org/stable/c/d1962f263a176f493…
	https://git.kernel.org/stable/c/292d2ac61fb0d9276…
	https://git.kernel.org/stable/c/a02e1404e27855089…
	https://git.kernel.org/stable/c/975774ea7528b4899…
	https://git.kernel.org/stable/c/9f329d0d6c91142cf…
	https://git.kernel.org/stable/c/e79ff8c68acb1eddf…
	https://git.kernel.org/stable/c/9f3ccdc3f6ef10084…

Impacted products

Vendor

Product

Version

Linux

Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4 (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < d1962f263a176f493400b8f91bfbf2bfedce951e (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < 292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < a02e1404e27855089d2b0a0acc4652c2ce65fe46 (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < 975774ea7528b489930b76a77ffc4d5379b95ff2 (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < 9f329d0d6c91142cf0ad08d23c72dd195db2633c (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < e79ff8c68acb1eddf709d3ac84716868f2a91012 (git)
Affected: 5a6eb676d3bc4d7a6feab200a92437b62ad298da , < 9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0 (git)

Linux

Affected: 2.6.23
Unaffected: 0 , < 2.6.23 (semver)
Unaffected: 4.4.298 , ≤ 4.4.* (semver)
Unaffected: 4.9.296 , ≤ 4.9.* (semver)
Unaffected: 4.14.261 , ≤ 4.14.* (semver)
Unaffected: 4.19.224 , ≤ 4.19.* (semver)
Unaffected: 5.4.170 , ≤ 5.4.* (semver)
Unaffected: 5.10.90 , ≤ 5.10.* (semver)
Unaffected: 5.15.13 , ≤ 5.15.* (semver)
Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T16:12:57.763250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:01.591Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d1962f263a176f493400b8f91bfbf2bfedce951e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a02e1404e27855089d2b0a0acc4652c2ce65fe46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/975774ea7528b489930b76a77ffc4d5379b95ff2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9f329d0d6c91142cf0ad08d23c72dd195db2633c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e79ff8c68acb1eddf709d3ac84716868f2a91012"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/mouse/appletouch.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "d1962f263a176f493400b8f91bfbf2bfedce951e",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "a02e1404e27855089d2b0a0acc4652c2ce65fe46",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "975774ea7528b489930b76a77ffc4d5379b95ff2",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "9f329d0d6c91142cf0ad08d23c72dd195db2633c",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "e79ff8c68acb1eddf709d3ac84716868f2a91012",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            },
            {
              "lessThan": "9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0",
              "status": "affected",
              "version": "5a6eb676d3bc4d7a6feab200a92437b62ad298da",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/mouse/appletouch.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.23"
            },
            {
              "lessThan": "2.6.23",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.298",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.261",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.298",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.296",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.261",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.224",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.170",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: appletouch - initialize work before device registration\n\nSyzbot has reported warning in __flush_work(). This warning is caused by\nwork-\u003efunc == NULL, which means missing work initialization.\n\nThis may happen, since input_dev-\u003eclose() calls\ncancel_work_sync(\u0026dev-\u003ework), but dev-\u003ework initalization happens _after_\ninput_register_device() call.\n\nSo this patch moves dev-\u003ework initialization before registering input\ndevice"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:00:36.105Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d2cb2bf39a6d17ef4bdc0e59c1a35cf5751ad8f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1962f263a176f493400b8f91bfbf2bfedce951e"
        },
        {
          "url": "https://git.kernel.org/stable/c/292d2ac61fb0d9276a0f7b7ce4f50426f2a1c99f"
        },
        {
          "url": "https://git.kernel.org/stable/c/a02e1404e27855089d2b0a0acc4652c2ce65fe46"
        },
        {
          "url": "https://git.kernel.org/stable/c/975774ea7528b489930b76a77ffc4d5379b95ff2"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f329d0d6c91142cf0ad08d23c72dd195db2633c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e79ff8c68acb1eddf709d3ac84716868f2a91012"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f3ccdc3f6ef10084ceb3a47df0961bec6196fd0"
        }
      ],
      "title": "Input: appletouch - initialize work before device registration",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46932",
    "datePublished": "2024-02-27T09:44:00.108Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2025-05-04T07:00:36.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-06348

CVE-2021-46932 (GCVE-0-2021-46932)

Tags

Sightings

Nomenclature