Bug 2173712 (CVE-2022-20132)

Summary: CVE-2022-20132 kernel: Out of bounds read in lg_probe and related functions of hid-lg.c
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, bhu, chwhite, crwood, ddepaula, debarbos, dfreiber, dhoward, dvlasenk, ezulian, fhrbata, hkrzesin, jarod, jburrell, jfaracco, jferlan, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, kernel-mgr, lgoncalv, lleshchi, lzampier, nmurray, ptalbert, qzhao, rogbas, rvrbovsk, scweaver, tyberry, vkumar, walters, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds read flaw was found in the Linux kernel’s hid_is_using_ll_driver function, where the usage was found in how a user inserts a malicious USB device. This flaw allows a local user to access information without the required privileges.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-03-05 17:06:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2175501, 2175502, 2175511, 2175512    
Bug Blocks: 2173713    

Description Pedro Sampaio 2023-02-27 17:56:04 UTC 
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel

https://source.android.com/security/bulletin/2022-06-01
https://android.googlesource.com/kernel/common/+/ddea17081f80af8ec1c9247f9b88579530e873ea
https://android.googlesource.com/kernel/common/+/a4909c90b75df36c04c3ec0f3081e6609ead4730
https://android.googlesource.com/kernel/common/+/8219b106a380a282d6c6cdbd01d7eda8187e89b9
https://android.googlesource.com/kernel/common/+/7b8a19b91787b8e30d50e4e9e2d7b50a950003a9
https://android.googlesource.com/kernel/common/+/5a72ef56c876d5f0dadd8eb3b682814ec32422e4
https://android.googlesource.com/kernel/common/+/e98c96b8b8a5a7a97a0c1ae75638b362b16f0187
https://android.googlesource.com/kernel/common/+/7320fb1abd44b68bbeeb6ad6eb828899ab6b617e
Comment 2 Alex 2023-03-05 12:25:30 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-36 [bug 2175502]
Affects: fedora-37 [bug 2175501]
Comment 4 Product Security DevOps Team 2023-03-05 17:06:36 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-20132
Comment 5 Justin M. Forbes 2023-03-14 19:03:12 UTC 
This was fixed for Fedora with the 5.15.8 stable kernel updates.