CVE-2022-2652

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-2652
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2652.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-2652
Downstream
Related
Published
2022-08-04T09:35:37Z
Modified
2025-12-04T10:19:21.362616Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L CVSS Calculator
Summary
Use of Externally-Controlled Format String in umlaeute/v4l2loopback
Details

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2652.json",
    "cwe_ids": [
        "CWE-134"
    ],
    "cna_assigner": "@huntrdev"
}
References

Affected packages

Git / github.com/umlaeute/v4l2loopback

Affected ranges

Type
GIT
Repo
https://github.com/umlaeute/v4l2loopback
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
64a216af4c09c9ba9326057d7e78994271827eff
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.12.6"
        }
    ]
}

Affected versions

v0.*

v0.0
v0.1
v0.10.0
v0.11.0
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.2
v0.3
v0.3.1
v0.4.0
v0.4.1
v0.5.0
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "id": "CVE-2022-2652-547173f8",
        "target": {
            "function": "vidioc_fill_name",
            "file": "v4l2loopback.c"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "17655112517341927947855752917222436908",
            "length": 241.0
        },
        "source": "https://github.com/umlaeute/v4l2loopback/commit/64a216af4c09c9ba9326057d7e78994271827eff",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "id": "CVE-2022-2652-88b5ae4c",
        "target": {
            "file": "v4l2loopback.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "607323426929696240384345123304587602",
                "126162870000493936069617165373821292745",
                "85643229720984706472731090811458114495",
                "107448680855750404162403722163778660045"
            ]
        },
        "source": "https://github.com/umlaeute/v4l2loopback/commit/64a216af4c09c9ba9326057d7e78994271827eff",
        "signature_type": "Line"
    }
]