PT-2021-8083 · Linux+4 · Linux Kernel+4
Syzbot
Published: 2021-12-30 · Updated: 2024-08-14 · CVE-2021-46932
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to the incorrect initialization of dev->work after calling input_register_device() in the appletouch component of the Linux kernel. This may cause a warning in flush_work() due to work->func == NULL, indicating missing work initialization. The problem occurs because input_dev->close() calls cancel_work_sync(&dev->work), but dev->work initialization happens after the input_register_device() call.
Recommendations
To resolve the issue, move the dev->work initialization before registering the input device.
As a temporary workaround, consider disabling the cancel_work_sync() function until a patch is available.
Restrict access to the appletouch component to minimize the risk of exploitation.
Avoid using the dev->work variable in the affected code until the issue is resolved.
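The initialization-order problem from the description, as a userspace C model (an added example, not the kernel's appletouch code). All model_* and demo_* names are hypothetical, and the close() arriving during registration is a constructed scenario.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: these types stand in for the kernel objects
 * named in the description (dev->work, work->func). */
struct model_work { void (*func)(struct model_work *); };
struct model_dev  { struct model_work work; int registered; };

static int warnings; /* number of modeled "work->func == NULL" warnings */

static void demo_worker(struct model_work *w) { (void)w; }

/* Stands in for work initialization: gives the work item its handler. */
static void model_init_work(struct model_work *w, void (*fn)(struct model_work *)) {
    w->func = fn;
}

/* Stands in for cancel_work_sync(): an uninitialized work item warns. */
static void model_cancel_work_sync(struct model_work *w) {
    if (w->func == NULL)
        warnings++;
}

/* Stands in for input_dev->close(), which cancels dev->work. */
static void model_close(struct model_dev *d) { model_cancel_work_sync(&d->work); }

/* Stands in for input_register_device(): from this point the device's
 * callbacks can run. Assumption: a close() arrives immediately. */
static void model_register_device(struct model_dev *d) {
    d->registered = 1;
    model_close(d);
}

/* Order described as faulty: register first, initialize work afterwards. */
int probe_buggy(void) {
    struct model_dev d = {0};
    warnings = 0;
    model_register_device(&d);
    model_init_work(&d.work, demo_worker);
    return warnings;
}

/* Recommended order: initialize work before the device becomes visible. */
int probe_fixed(void) {
    struct model_dev d = {0};
    warnings = 0;
    model_init_work(&d.work, demo_worker);
    model_register_device(&d);
    return warnings;
}

int main(void) {
    printf("buggy order: %d warning(s)\n", probe_buggy());
    printf("fixed order: %d warning(s)\n", probe_fixed());
    return 0;
}
```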
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Initialization
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Os
Suse
Ubuntu