CVE-2022-2652 — Vulnetix

CVE-2022-2652 PUBLISHED CVSS 7.300000190734863 HIGH

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

EPSS 0.05% · 17.1th percentile

Risk Scores

CVSS 3.0

7.300000190734863

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

EPSS Score

0.05%

17.1th percentile

Affected Products

Vendor	Product	Versions
v4l2loopback_project	v4l2loopback	0
umlaeute	umlaeute/v4l2loopback	*

Exploit Intelligence

https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5 (nist-nvd)
https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd (circl)

Timeline

Aug 4, 2022 CVE Published
Aug 5, 2022 EPSS Score
Sep 20, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Dec 22, 2022 EPSS Score
Feb 6, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 25, 2023 EPSS Score
May 10, 2023 EPSS Score
Jun 25, 2023 EPSS Score
Aug 11, 2023 EPSS Score
Sep 26, 2023 EPSS Score

References

https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5 url
https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd url
https://nvd.nist.gov/vuln/detail/CVE-2022-2652 advisory

Open in Interactive Console →