CVE-2022-2652 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-2652 Interim 1 6 2025-02-16T03:24:50Z current 2022-08-05T23:39:11Z 2025-02-16T03:24:50Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-2652 Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F2WY45Y5MOK5BLB5QRH5F6TM4CWLBTL5/ E-Mail link for openSUSE-SU-2022:10159-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T7TOUD7WBZ7HIZPTAF5TWVMSY3TRYEZ7/ E-Mail link for openSUSE-SU-2022:10160-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed v4l2loopback-autoload-0.12.5-lp153.2.5.1 v4l2loopback-autoload-0.12.5-lp154.3.3.1 v4l2loopback-autoload-0.12.7-1.1 v4l2loopback-kmp-64kb-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 v4l2loopback-kmp-64kb-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 v4l2loopback-kmp-default-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 v4l2loopback-kmp-default-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 v4l2loopback-kmp-default-0.12.7_k5.19.10_1-1.1 v4l2loopback-kmp-preempt-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 v4l2loopback-utils-0.12.5-lp153.2.5.1 v4l2loopback-utils-0.12.5-lp154.3.3.1 v4l2loopback-utils-0.12.7-1.1 v4l2loopback-autoload-0.12.5-lp153.2.5.1 as a component of openSUSE Leap 15.3 v4l2loopback-kmp-64kb-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 as a component of openSUSE Leap 15.3 v4l2loopback-kmp-default-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 as a component of openSUSE Leap 15.3 v4l2loopback-kmp-preempt-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 as a component of openSUSE Leap 15.3 v4l2loopback-utils-0.12.5-lp153.2.5.1 as a component of openSUSE Leap 15.3 v4l2loopback-autoload-0.12.5-lp154.3.3.1 as a component of openSUSE Leap 15.4 v4l2loopback-kmp-64kb-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 as a component of openSUSE Leap 15.4 v4l2loopback-kmp-default-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 as a component of openSUSE Leap 15.4 v4l2loopback-utils-0.12.5-lp154.3.3.1 as a component of openSUSE Leap 15.4 v4l2loopback-autoload-0.12.7-1.1 as a component of openSUSE Tumbleweed v4l2loopback-kmp-default-0.12.7_k5.19.10_1-1.1 as a component of openSUSE Tumbleweed v4l2loopback-utils-0.12.7-1.1 as a component of openSUSE Tumbleweed Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). CVE-2022-2652 openSUSE Leap 15.3:v4l2loopback-autoload-0.12.5-lp153.2.5.1 openSUSE Leap 15.3:v4l2loopback-kmp-64kb-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 openSUSE Leap 15.3:v4l2loopback-kmp-default-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 openSUSE Leap 15.3:v4l2loopback-kmp-preempt-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1 openSUSE Leap 15.3:v4l2loopback-utils-0.12.5-lp153.2.5.1 openSUSE Leap 15.4:v4l2loopback-autoload-0.12.5-lp154.3.3.1 openSUSE Leap 15.4:v4l2loopback-kmp-64kb-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 openSUSE Leap 15.4:v4l2loopback-kmp-default-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 openSUSE Leap 15.4:v4l2loopback-utils-0.12.5-lp154.3.3.1 openSUSE Tumbleweed:v4l2loopback-autoload-0.12.7-1.1 openSUSE Tumbleweed:v4l2loopback-kmp-default-0.12.7_k5.19.10_1-1.1 openSUSE Tumbleweed:v4l2loopback-utils-0.12.7-1.1 moderate 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H