Upstream information
Description
Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
Metric | National Vulnerability Database | SUSE |
---|---|---|
Base Score | 6 | 6 |
Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H |
Attack Vector | Local | Local |
Attack Complexity | Low | Low |
Privileges Required | High | High |
User Interaction | None | None |
Scope | Unchanged | Unchanged |
Confidentiality Impact | High | High |
Integrity Impact | None | None |
Availability Impact | High | High |
CVSSv3 Version | 3.1 | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2022:10159-1, published Thu Oct 20 22:43:11 2022
- openSUSE-SU-2022:10160-1, published Thu Oct 20 22:43:11 2022
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Leap 15.3 | | Patchnames: openSUSE-2022-10160 |
openSUSE Leap 15.4 | | Patchnames: openSUSE-2022-10159 |
openSUSE Tumbleweed | | Patchnames: openSUSE-Tumbleweed-2024-12372 |
SUSE Timeline for this CVE
CVE page created: Thu Aug 4 18:00:08 2022
CVE page last modified: Tue Sep 3 19:24:06 2024