CVE-2022-2652

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-2652

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2652.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2652

Downstream

DEBIAN-CVE-2022-2652

UBUNTU-CVE-2022-2652

openSUSE-SU-2022:10159-1

openSUSE-SU-2022:10160-1

openSUSE-SU-2024:12372-1

Related

Published

2022-08-04T09:35:37Z

Modified

2026-02-19T01:37:45.095856Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVSS Calculator

Summary

Use of Externally-Controlled Format String in umlaeute/v4l2loopback

Details

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

Database specific

{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-134"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2652.json"
}

References

Affected packages

Git / github.com/umlaeute/v4l2loopback

Affected ranges

Type

GIT

Repo

https://github.com/umlaeute/v4l2loopback

Events

Introduced

Fixed

64a216af4c09c9ba9326057d7e78994271827eff

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.12.6"
        }
    ]
}

Affected versions

v0.*

v0.0

v0.1

v0.10.0

v0.11.0

v0.12.0

v0.12.1

v0.12.2

v0.12.3

v0.12.4

v0.12.5

v0.2

v0.3

v0.3.1

v0.4.0

v0.4.1

v0.5.0

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.7.0

v0.7.1

v0.8.0

v0.9.0

v0.9.1

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 241.0,
            "function_hash": "17655112517341927947855752917222436908"
        },
        "source": "https://github.com/umlaeute/v4l2loopback/commit/64a216af4c09c9ba9326057d7e78994271827eff",
        "deprecated": false,
        "id": "CVE-2022-2652-547173f8",
        "signature_type": "Function",
        "target": {
            "function": "vidioc_fill_name",
            "file": "v4l2loopback.c"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "607323426929696240384345123304587602",
                "126162870000493936069617165373821292745",
                "85643229720984706472731090811458114495",
                "107448680855750404162403722163778660045"
            ]
        },
        "source": "https://github.com/umlaeute/v4l2loopback/commit/64a216af4c09c9ba9326057d7e78994271827eff",
        "deprecated": false,
        "id": "CVE-2022-2652-88b5ae4c",
        "signature_type": "Line",
        "target": {
            "file": "v4l2loopback.c"
        },
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2652.json"

Git / github.com/v4l2loopback/v4l2loopback

Affected ranges

Type: GIT
Repo: https://github.com/v4l2loopback/v4l2loopback
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e4cd225557486c420f6a34411f98c575effd43dd

Affected versions

v0.*

v0.0

v0.1

v0.10.0

v0.11.0

v0.12.0

v0.12.1

v0.12.2

v0.12.3

v0.12.4

v0.12.5

v0.2

v0.3

v0.3.1

v0.4.0

v0.4.1

v0.5.0

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.7.0

v0.7.1

v0.8.0

v0.9.0

v0.9.1

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 1349.0,
            "function_hash": "274784180735557093665846749706206048667"
        },
        "source": "https://github.com/v4l2loopback/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd",
        "deprecated": false,
        "id": "CVE-2022-2652-2c787083",
        "signature_type": "Function",
        "target": {
            "function": "vidioc_querycap",
            "file": "v4l2loopback.c"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "262514196616214796308095471843831246256",
                "302506495182271439896700798722027783645",
                "265352794914620443317624149207610803571",
                "270556655472954525905887242051867458333",
                "310308737864205908898128503558395795380",
                "84511011984775287962644553050385331413",
                "244106889796439449548158295482160506678",
                "224098727542074230562953580409407783554"
            ]
        },
        "source": "https://github.com/v4l2loopback/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd",
        "deprecated": false,
        "id": "CVE-2022-2652-5039efdf",
        "signature_type": "Line",
        "target": {
            "file": "v4l2loopback.c"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "length": 5665.0,
            "function_hash": "124694354941320819147030808424706657329"
        },
        "source": "https://github.com/v4l2loopback/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd",
        "deprecated": false,
        "id": "CVE-2022-2652-ddb7d7a8",
        "signature_type": "Function",
        "target": {
            "function": "v4l2_loopback_add",
            "file": "v4l2loopback.c"
        },
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2652.json"