CVE-2022-20132 — Out-of-bounds Read in Google Android

CWE-125 — Out-of-bounds Read12 documents7 sources

Severity

4.6MEDIUMNVD

OSV5.9

EPSS

0.1%

top 77.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Google Android

Timeline

PublishedJun 15

Latest updateApr 12

Description

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages4 packages

▶Debianlinux/linux_kernel< 5.10.92-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-239.273

▶googlegoogle/android

▶debiandebian/linux< linux 5.15.15-1 (bookworm)

🔴Vulnerability Details

OSV

linux, linux-kvm, linux-lts-xenial vulnerabilities↗2023-04-12

▶

OSV

linux-aws vulnerabilities↗2023-04-06

▶

GHSA

GHSA-w6j9-57w3-6829: In lg_probe and related functions of hid-lg↗2022-06-16

▶

OSV

CVE-2022-20132: In lg_probe and related functions of hid-lg↗2022-06-15

▶

OSV

CVE-2022-20132: In lg_probe of hid-lg↗2022-06-01

▶

📋Vendor Advisories

Ubuntu

Linux kernel (AWS) vulnerabilities↗2023-04-12

▶

Ubuntu

Linux kernel vulnerabilities↗2023-04-12

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2023-04-06

▶

Red Hat

kernel: Out of bounds read in lg_probe and related functions of hid-lg.c↗2022-06-01

▶

Android

CVE-2022-20132: USB HID↗2022-06-01

▶