In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel
Source: MITRE
Published: 2022-06-15
Updated: 2022-06-23
Type: CWE-125
Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Impact Score: 6.9
Exploitability Score: 3.9
Severity: MEDIUM
Base Score: 4.6
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 0.9
Severity: MEDIUM