In the Linux kernel, the following vulnerability has been resolved:
media: mxl111sf: change mutex_init() location
Syzbot reported, that mxl111sfctrlmsg() uses uninitialized mutex. The problem was in wrong mutex_init() location.
Previous mutexinit(&state->msglock) call was in ->init() function, but dvbusbv2init() has this order of calls:
dvb_usbv2_init()
dvb_usbv2_adapter_init()
dvb_usbv2_adapter_frontend_init()
props->frontend_attach()
props->init()
Since mxl111sf* devices call mxl111sfctrlmsg() in ->frontendattach() internally we need to initialize state->msglock before frontendattach(). To achieve it, ->probe() call added to all mxl111sf_* devices, which will simply initiaize mutex.