CVE-2022-2652 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-2652

CVE-2022-2652

August 04, 2022

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

Related Resources (5)

https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd

https://security-tracker.debian.org/tracker/CVE-2022-2652

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2652.json

https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5

https://nvd.nist.gov/vuln/detail/CVE-2022-2652

Do you need more information?

CVSS v4

Base Score:

8.3

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

LOW

Subsequent System Availability

LOW

CVSS v3

Base Score:

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Weakness Type (CWE)

Use of Externally-Controlled Format String

CWE-134

EPSS

Base Score:

0.05

Products

Solutions

Resources

Company

Compare

Developer Tools