2173712 – (CVE-2022-20132) CVE-2022-20132 kernel: Out of bounds read in lg_probe and related functions of hid-lg.c

Bug 2173712 (CVE-2022-20132) - CVE-2022-20132 kernel: Out of bounds read in lg_probe and related functions of hid-lg.c

Summary: CVE-2022-20132 kernel: Out of bounds read in lg_probe and related functions o...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-20132
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2175501 2175502 Red Hat2175511 Red Hat2175512
Blocks:	Embargoed2173713
TreeView+	depends on / blocked

Reported:	2023-02-27 17:56 UTC by Pedro Sampaio
Modified:	2023-03-14 19:03 UTC (History)
CC List:	37 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	An out-of-bounds read flaw was found in the Linux kernel’s hid_is_using_ll_driver function, where the usage was found in how a user inserts a malicious USB device. This flaw allows a local user to access information without the required privileges.
Clone Of:
Environment:
Last Closed:	2023-03-05 17:06:40 UTC

Attachments	(Terms of Use)

Description Pedro Sampaio 2023-02-27 17:56:04 UTC

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel

https://source.android.com/security/bulletin/2022-06-01
https://android.googlesource.com/kernel/common/+/ddea17081f80af8ec1c9247f9b88579530e873ea
https://android.googlesource.com/kernel/common/+/a4909c90b75df36c04c3ec0f3081e6609ead4730
https://android.googlesource.com/kernel/common/+/8219b106a380a282d6c6cdbd01d7eda8187e89b9
https://android.googlesource.com/kernel/common/+/7b8a19b91787b8e30d50e4e9e2d7b50a950003a9
https://android.googlesource.com/kernel/common/+/5a72ef56c876d5f0dadd8eb3b682814ec32422e4
https://android.googlesource.com/kernel/common/+/e98c96b8b8a5a7a97a0c1ae75638b362b16f0187
https://android.googlesource.com/kernel/common/+/7320fb1abd44b68bbeeb6ad6eb828899ab6b617e

Comment 2 Alex 2023-03-05 12:25:30 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-36 [bug 2175502]
Affects: fedora-37 [bug 2175501]

Comment 4 Product Security DevOps Team 2023-03-05 17:06:36 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-20132

Comment 5 Justin M. Forbes 2023-03-14 19:03:12 UTC

This was fixed for Fedora with the 5.15.8 stable kernel updates.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
bhu
chwhite
ddepaula
debarbos
dfreiber
dhoward
dvlasenk
ezulian
fhrbata
hkrzesin
jarod
jburrell
jfaracco
jferlan
jforbes
jlelli
joe.lawrence
jshortt
jstancek
jwyatt
kcarcia
kernel-mgr
lgoncalv
lleshchi
lzampier
nmurray
ptalbert
qzhao
rogbas
rvrbovsk
scweaver
swood
tyberry
vkumar
walters
williams