Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).
References
Link | Resource |
---|---|
https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd | Patch Third Party Advisory |
https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: @huntrdev
Published: 2022-08-04T09:35:37
Updated: 2022-08-04T09:35:37
Reserved: 2022-08-04T00:00:00
Link: CVE-2022-2652
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-04T10:15:07.990
Modified: 2022-08-10T13:40:00.297
Link: CVE-2022-2652
JSON object: View
Redhat Information
No data.
CWE