Home > Vulnerability Database > CVE-2022-2652

Mend.io Vulnerability Database

CVE-2022-2652

Date: August 4, 2022

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

Language: C

Severity Score

6.0

Related Resources (5)

Url: https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5

Url: https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd

Url: https://security-tracker.debian.org/tracker/CVE-2022-2652

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-2652

Url: https://www.mend.io/vulnerability-database/CVE-2022-2652

Severity Score

6.0

Weakness Type (CWE)

Format String Vulnerability

CWE-134

CVSS v3.1

Base Score:	6.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-2652

Date: August 4, 2022

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?