DescriptionDepending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database||SUSE|
SUSE Security Advisories:
- openSUSE-SU-2022:10159-1, published Thu Oct 20 22:43:11 2022
- openSUSE-SU-2022:10160-1, published Thu Oct 20 22:43:11 2022
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Leap 15.3|| ||Patchnames: |
|openSUSE Leap 15.4|| ||Patchnames: |
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA v4l2loopback-autoload-0.12.7-1.1
SUSE Timeline for this CVECVE page created: Thu Aug 4 18:00:08 2022
CVE page last modified: Wed Oct 26 23:40:35 2022