ubuntucve | Ubuntu.com | UB:CVE-2022-20132
History: Jun 15, 2022 - 12:00 a.m.

CVE-2022-20132


CVSS3: 4.6 Medium
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.9 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N

EPSS: 0.0004 Low
Percentile: 13.3%

In lg_probe and related functions of hid-lg.c and other USB HID files,
there is a possible out of bounds read due to improper input validation.
This could lead to local information disclosure if a malicious USB HID
device were plugged in, with no additional execution privileges needed.
User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-188677105
References: Upstream kernel

Notes

Author: sbeattie
Note: Requires malicious USB devices to be inserted. According to Google, the following commits may also be needed, that clean up missing Kconfig dependencies on USB_HID that may cause build failures when incorporating the identified fixing commits: 30cb3c2ad24b66fb7639a6d1f4390c74d6e68f94, d080811f27936f712f619f847389f403ac873b8f, f237d9028f844a86955fc9da59d7ac4a5c55d7d5

OS | OS Version | Architecture | Package | Package Version | Filename
--- | --- | --- | --- | --- | ---
ubuntu | 18.04 | noarch | linux | < 4.15.0-169.177 | UNKNOWN
ubuntu | 16.04 | noarch | linux | < 4.4.0-239.273 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN
ubuntu | 20.04 | noarch | linux | < 5.4.0-100.113 | UNKNOWN
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1121.129 | UNKNOWN
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1066.69 | UNKNOWN
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1155.170 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1117.123 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1066.69~18.04.1 | UNKNOWN
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1120.128~16.04.1 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1131.144~16.04.1 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN