Bugzilla – Bug 1202156
VUL-0: CVE-2022-2652: v4l2loopback: kernel module crashing when providing the card label on request
Last modified: 2023-04-19 15:42:15 UTC
CVE-2022-2652

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2652
https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd
https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5
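The bug class described above, as an added user-space example that is not the module's code and not part of the original report: a label passed as the format argument is interpreted, while a constant "%s" format treats it purely as data. The function names, the k_snprintf stand-in and the sample label are assumptions made for illustration; CARD_LEN mirrors the 32-byte card field of struct v4l2_capability.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define CARD_LEN 32 /* mirrors the 32-byte card field of struct v4l2_capability */

/* Hypothetical stand-in for a kernel-style snprintf(): the caller picks the format. */
static int k_snprintf(char *dst, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(dst, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable shape: the user-controlled label is used as the format string. */
static void fill_card_vulnerable(char *card, const char *label)
{
    k_snprintf(card, CARD_LEN, label);
}

/* Hardened shape: constant format, the label is only ever an argument. */
static void fill_card_fixed(char *card, const char *label)
{
    k_snprintf(card, CARD_LEN, "%s", label);
}

/* Defensive check for review or input validation: would a formatter
 * interpret anything in this label? */
static int label_has_format_directive(const char *label)
{
    return strchr(label, '%') != NULL;
}

int main(void)
{
    /* Constructed label. "%%" consumes no argument, so interpreting it is
     * well-defined and safe to run, yet still shows the label being parsed. */
    const char *label = "cam 100%% zoom";
    char a[CARD_LEN], b[CARD_LEN];

    fill_card_vulnerable(a, label);
    fill_card_fixed(b, label);
    printf("label as format: \"%s\"\n", a);
    printf("label as data:   \"%s\"\n", b);
    printf("contains directive: %d\n", label_has_format_directive(label));
    return 0;
}
```
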
This bug seems to approach a good date for CVE SLA fulfillment [1]. What is its status, please? [1] https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel
A gentle ping from Kernel Security Sentinel: https://confluence.suse.com/display/KSS/Kernel+Security+Sentinel This security bug has been ignored for weeks. Could you guys give an update (either fix or reassign-back)? Thanks.
Fixed for:

openSUSE 15.3: https://build.opensuse.org/request/show/1006796
openSUSE 15.4: https://build.opensuse.org/request/show/1006795
Here only one chunk applies. vidioc_querycap() backports to vidioc_fill_name(), no appropriate counterpart for v4l2_loopback_add().

openSUSE Factory: https://build.opensuse.org/request/show/1006794
openSUSE-SU-2022:10159-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1202156
CVE References: CVE-2022-2652
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): v4l2loopback-0.12.5-lp154.3.3.1
openSUSE-SU-2022:10160-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1202156
CVE References: CVE-2022-2652
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): v4l2loopback-0.12.5-lp153.2.5.1
done