CVE-2022-2652

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions v4l2loopback (affected versions not specified)

Description The issue allows for potential kernel stack memory leakage due to improperly crafted format strings in the card label. Additionally, there is a possibility of a Denial of Service (DoS) because the v4l2loopback kernel module may crash when providing the card label on request, especially when many %s modifiers are used in a row.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

ALT-PU-2022-7650

ALT-PU-2023-8425

CVE-2022-2652

OPENSUSE-SU-2022:10159-1

OPENSUSE-SU-2022:10160-1

OPENSUSE-SU-2022_10159-1

OPENSUSE-SU-2022_10160-1

OPENSUSE-SU-2024:12372-1

Affected Products

Alt Linux

Debian

Suse

V4L2Loopback

CVE-2022-2652

Weakness Enumeration

Related Identifiers

Affected Products

References · 17