DEBIAN-CVE-2022-23220

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2022-23220
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-23220.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-23220
Upstream
Published
2022-01-21T16:15:08Z
Modified
2025-09-19T07:32:12.686486Z
Summary
[none]
Details

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.

References

Affected packages

Debian:11 / usbview

Package

Name
usbview
Purl
pkg:deb/debian/usbview?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0-21-g6fe2f4f-2+deb11u1

Affected versions

2.*

2.0-21-g6fe2f4f-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / usbview

Package

Name
usbview
Purl
pkg:deb/debian/usbview?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0-21-g6fe2f4f-2.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / usbview

Package

Name
usbview
Purl
pkg:deb/debian/usbview?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0-21-g6fe2f4f-2.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / usbview

Package

Name
usbview
Purl
pkg:deb/debian/usbview?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0-21-g6fe2f4f-2.1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}