Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-20132

Опубликовано: 01 июн. 2022
Источник: redhat
CVSS3: 4.6

Описание

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel

An out-of-bounds read flaw was found in the Linux kernel’s hid_is_using_ll_driver function, where the usage was found in how a user inserts a malicious USB device. This flaw allows a local user to access information without the required privileges.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20->CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2173712kernel: Out of bounds read in lg_probe and related functions of hid-lg.c

4.6 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-20132

CVSS3: 4.6
ubuntu
больше 3 лет назад

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel

nvd логотип

CVE-2022-20132

CVSS3: 4.6
nvd
больше 3 лет назад

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel

debian логотип

CVE-2022-20132

CVSS3: 4.6
debian
больше 3 лет назад

In lg_probe and related functions of hid-lg.c and other USB HID files, ...

github логотип

GHSA-w6j9-57w3-6829

CVSS3: 4.6
github
больше 3 лет назад

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel

fstec логотип

BDU:2022-05133

CVSS3: 4.6
fstec
больше 3 лет назад

Уязвимость компонента hid-lg.c ядра операционной системы Android, позволяющая нарушителю раскрыть защищаемую информацию

4.6 Medium

CVSS3