CVE-2022-46338

Name of the Vulnerable Software and Affected Versions g810-led version 0.4.2

Description The issue allows any process on the system to read traffic from keyboards, including sensitive data, due to a udev rule that makes supported device nodes world-readable and writable. This affects a LED configuration tool for Logitech Gx10 keyboards.

Recommendations For g810-led version 0.4.2, consider restricting access to the device nodes to prevent unauthorized processes from reading keyboard traffic until a patch is available. As a temporary workaround, review and modify the udev rule to limit read and write access to the device nodes.