First published: Mon Jun 06 2022
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-188677105
References: Upstream kernel
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
Android | ||
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
CVE-2022-20132 is classified as a medium severity vulnerability due to its potential for local information disclosure.
To address CVE-2022-20132, ensure that your system is updated to one of the patched versions including linux 5.10.223-1, 5.10.226-1, 6.1.119-1, or later.
CVE-2022-20132 affects certain versions of Google Android that utilize the specified kernel versions prior to the updates.
CVE-2022-20132 can be exploited through a malicious USB HID device that is connected to the vulnerable system.
The potential impact of CVE-2022-20132 includes the risk of local information disclosure without requiring additional execution privileges.