Your submission was sent successfully! Close

CVE-2022-20132

Published: 15 June 2022

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel

Notes

AuthorNote
sbeattie
requires malicious USB devices to be inserted.
according to google, the following commits may also be
needed, that clean up missing Kconfig dependencies on USB_HID that
may cause build failures when incorporating the identified fixing
commits:
30cb3c2ad24b66fb7639a6d1f4390c74d6e68f94
d080811f27936f712f619f847389f403ac873b8f
f237d9028f844a86955fc9da59d7ac4a5c55d7d5
Priority

Low

CVSS 3 base score: 4.6

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
focal
Released (5.4.0-100.113)
jammy Not vulnerable
(5.15.0-17.17)
trusty Ignored
(was needed ESM criteria)
impish Ignored
(reached end-of-life)
bionic Needed

upstream
Released (5.16~rc5)
xenial Ignored
(was needed ESM criteria)
Patches:
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by f83baa0cb6cfc92ebaf7f9d3a99d7e34f2e77a8a
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by 918aa1ef104d286d16b9e7ef139a463ac7a296f0
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by 720ac467204a70308bd687927ed475afb904e11b
Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by 93020953d0fa7035fd036ad87a47ae2b7aa4ae33
linux-hwe
Launchpad, Ubuntu, Debian
trusty Does not exist

bionic Ignored
(replaced by linux-hwe-5.4)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
xenial Ignored
(was needed ESM criteria)
linux-hwe-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
bionic
Released (5.4.0-100.113~18.04.1)
linux-hwe-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.11)
impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-hwe-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(superseded by linux-hwe-5.13)
impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-hwe-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-hwe-edge
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Ignored
(superseded by linux-hwe)
bionic Ignored
(superseded by linux-hwe-5.4)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-lts-xenial
Launchpad, Ubuntu, Debian
xenial Does not exist

bionic Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

trusty Ignored
(was needed ESM criteria)
upstream
Released (5.16~rc5)
linux-kvm
Launchpad, Ubuntu, Debian
trusty Does not exist

impish Ignored
(reached end-of-life)
bionic Needed

jammy Not vulnerable
(5.15.0-1002.2)
upstream
Released (5.16~rc5)
xenial Ignored
(was needed ESM criteria)
focal
Released (5.4.0-1056.58)
linux-aws
Launchpad, Ubuntu, Debian
bionic Needed

focal
Released (5.4.0-1066.69)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(5.15.0-1002.4)
trusty Ignored
(was needed ESM criteria)
upstream
Released (5.16~rc5)
xenial Ignored
(was needed ESM criteria)
linux-aws-5.0
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-aws-5.3)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-aws-5.3
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-aws-5.4)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-aws-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
bionic
Released (5.4.0-1066.69~18.04.1)
linux-aws-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(superseded by linux-aws-5.11)
impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-aws-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-aws-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-aws-hwe
Launchpad, Ubuntu, Debian
trusty Does not exist

bionic Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
xenial Ignored
(was needed ESM criteria)
linux-azure
Launchpad, Ubuntu, Debian
bionic Ignored
(superseded by linux-azure-5.3)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(5.15.0-1001.2)
trusty Ignored
(was needed ESM criteria)
upstream
Released (5.16~rc5)
xenial Ignored
(was needed ESM criteria)
focal
Released (5.4.0-1070.73)
linux-azure-4.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

bionic Needed

upstream
Released (5.16~rc5)
linux-azure-5.3
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-azure-5.4)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-azure-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
bionic
Released (5.4.0-1070.73~18.04.1)
linux-azure-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(superseded by linux-azure-5.11)
impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-azure-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-azure-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-azure-fde
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Needs triage

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-bluefield
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
focal
Released (5.4.0-1028.31)
linux-dell300x
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

bionic Needed

upstream
Released (5.16~rc5)
linux-azure-edge
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-azure-5.3)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-fips
Launchpad, Ubuntu, Debian
trusty Does not exist

bionic Does not exist

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
xenial Ignored
(was needed ESM criteria)
linux-gcp
Launchpad, Ubuntu, Debian
trusty Does not exist

bionic Ignored
(superseded by linux-gcp-5.3)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(5.15.0-1001.3)
upstream
Released (5.16~rc5)
xenial Ignored
(was needed ESM criteria)
focal
Released (5.4.0-1065.69)
linux-gcp-4.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

bionic Needed

upstream
Released (5.16~rc5)
linux-gcp-5.3
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-gcp-5.4)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-gcp-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
bionic
Released (5.4.0-1065.69~18.04.1)
linux-gcp-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(superseded by linux-gcp-5.11)
impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-gcp-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(was needs-triage now end-of-life)
impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-gcp-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-gke
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Ignored
(reached end of standard support)
bionic Does not exist

impish Does not exist

jammy Not vulnerable
(5.15.0-1002.2)
upstream
Released (5.16~rc5)
focal
Released (5.4.0-1063.66)
linux-gke-4.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

bionic Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-gke-5.0
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-gke-5.3)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-gke-5.3
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-gke-5.4)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-gke-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
bionic
Released (5.4.0-1063.66~18.04.1)
linux-gkeop
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Not vulnerable
(5.15.0-1001.2)
upstream
Released (5.16~rc5)
focal
Released (5.4.0-1034.35)
linux-gkeop-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
bionic
Released (5.4.0-1034.35~18.04.1)
linux-ibm
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Not vulnerable
(5.15.0-1002.2)
upstream
Released (5.16~rc5)
focal
Released (5.4.0-1015.16)
linux-ibm-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
bionic
Released (5.4.0-1015.16~18.04.1)
linux-intel-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-intel-iotg
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

impish Does not exist

jammy Not vulnerable
(5.15.0-1004.6)
upstream
Released (5.16~rc5)
linux-intel-iotg-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Not vulnerable
(5.15.0-1003.5~20.04.1)
upstream
Released (5.16~rc5)
linux-lowlatency
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

impish Does not exist

jammy Not vulnerable
(5.15.0-22.22)
upstream
Released (5.16~rc5)
linux-oracle
Launchpad, Ubuntu, Debian
trusty Does not exist

impish Ignored
(reached end-of-life)
bionic Needed

focal
Released (5.4.0-1064.68)
jammy Not vulnerable
(5.15.0-1001.3)
upstream
Released (5.16~rc5)
xenial Ignored
(was needed ESM criteria)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-oracle-5.3)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-oracle-5.3
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-oracle-5.4)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-oracle-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

bionic
Released (5.4.0-1064.68~18.04.1)
upstream
Released (5.16~rc5)
linux-oracle-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(superseded by linux-oracle-5.11)
impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-oracle-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-oracle-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-oem
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Ignored
(superseded by linux-hwe)
focal Does not exist

impish Does not exist

jammy Does not exist

bionic Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-oem-5.6
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-oem-5.10
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-oem-5.13
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-oem-5.14
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal
Released (5.14.0-1022.24)
upstream
Released (5.16~rc5)
linux-oem-5.17
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Does not exist

impish Does not exist

jammy Not vulnerable
(5.17.0-1003.3)
upstream
Released (5.16~rc5)
linux-oem-osp1
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
bionic Ignored
(was needs-triage now end-of-life)
linux-raspi
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Ignored
(reached end-of-life)
jammy Not vulnerable
(5.15.0-1002.2)
upstream
Released (5.16~rc5)
focal
Released (5.4.0-1053.60)
linux-raspi2
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Ignored
(end of standard support)
focal Ignored
(replaced by linux-raspi)
impish Does not exist

jammy Does not exist

bionic Needed

upstream
Released (5.16~rc5)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Ignored
(superseded by linux-raspi-5.4)
focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-raspi-5.4
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

focal Does not exist

impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
bionic
Released (5.4.0-1053.60~18.04.1)
linux-riscv
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.8)
impish Ignored
(reached end-of-life)
jammy Not vulnerable
(5.15.0-1004.4)
upstream
Released (5.16~rc5)
linux-riscv-5.8
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Ignored
(superseded by linux-riscv-5.11)
impish Does not exist

jammy Does not exist

upstream
Released (5.16~rc5)
linux-riscv-5.11
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

impish Does not exist

jammy Does not exist

focal Ignored
(was needs-triage now end-of-life)
upstream
Released (5.16~rc5)
linux-snapdragon
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Ignored
(end of standard support)
focal Does not exist

impish Does not exist

jammy Does not exist

bionic Needed

upstream
Released (5.16~rc5)
linux-lowlatency-hwe-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Not vulnerable
(5.15.0-33.34~20.04.1)
jammy Does not exist

upstream
Released (5.16~rc5)
linux-hwe-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

jammy Does not exist

focal Not vulnerable
(5.15.0-33.34~20.04.1)
upstream
Released (5.16~rc5)
linux-aws-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

jammy Does not exist

upstream Needs triage

focal Not vulnerable

linux-gcp-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Needs triage

jammy Does not exist

upstream Needs triage

linux-gke-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Needs triage

jammy Does not exist

upstream Needs triage

linux-azure-5.15
Launchpad, Ubuntu, Debian
trusty Does not exist

xenial Does not exist

bionic Does not exist

focal Needs triage

jammy Does not exist

upstream Needs triage