PT-2022-1356 · Google+3 · Android Kernel+3

Published: 2022-06-01 · Updated: 2024-06-24 · CVE-2022-20132

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Android kernel

Description

The issue is caused by an out of bounds read in the hid-lg.c component of the Android kernel due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations

For Android kernel, consider disabling the lg probe function and related functions in hid-lg.c and other USB HID files until a patch is available. Restrict access to the hid-lg.c component to minimize the risk of exploitation. Avoid using malicious USB HID devices with the affected Android kernel until the issue is resolved.

Exploit

Fix

Out of bounds Read


Weakness Enumeration

Related Identifiers

ASB-A-188677105
BDU:2022-05133
CVE-2022-20132
OESA-2022-1725
OPENSUSE-SU-2022:2549-1
OPENSUSE-SU-2022_2376-1
OPENSUSE-SU-2022_2411-1
OPENSUSE-SU-2022_2422-1
OPENSUSE-SU-2022_2520-1
OPENSUSE-SU-2022_2549-1
OPENSUSE-SU-2022_2615-1
OPENSUSE-SU-2024_2185-1
SUSE-SU-2022:2376-1
SUSE-SU-2022:2377-1
SUSE-SU-2022:2379-1
SUSE-SU-2022:2382-1
SUSE-SU-2022:2393-1
SUSE-SU-2022:2407-1
SUSE-SU-2022:2411-1
SUSE-SU-2022:2424-1
SUSE-SU-2022:2424-2
SUSE-SU-2022:2478-1
SUSE-SU-2022:2520-1
SUSE-SU-2022:2549-1
SUSE-SU-2022:2615-1
SUSE-SU-2022:2629-1
SUSE-SU-2022:2809-1
SUSE-SU-2023:0416-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2183-1
SUSE-SU-2024:2185-1
USN-6001-1
USN-6013-1
USN-6014-1

Affected Products

Android Kernel
Astra Linux
SUSE
Ubuntu