http://bugzilla.opensuse.org/show_bug.cgi?id=1202156 Bug ID: 1202156 Summary: VUL-0: CVE-2022-2652: v4l2loopback: kernel module crashing when providing the card label on request Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/338905/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: abergmann@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2022-2652 Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2652 https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98... https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5 -- You are receiving this mail because: You are on the CC list for the bug.