openSUSE 15 Security Update : v4l2loopback (openSUSE-SU-2022:10159-1)

2022-10-21T00:00:00

Description

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10159-1 advisory. - Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). (CVE-2022-2652) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

{"id": "OPENSUSE-2022-10159-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : v4l2loopback (openSUSE-SU-2022:10159-1)", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10159-1 advisory.\n\n - Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). (CVE-2022-2652)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2022-10-21T00:00:00", "modified": "2023-10-09T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/166361", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?3cd03f43", "https://bugzilla.suse.com/1202156", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2652", "https://www.suse.com/security/cve/CVE-2022-2652"], "cvelist": ["CVE-2022-2652"], "immutableFields": [], "lastseen": "2023-10-10T05:01:36", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-2652"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-2652"]}, {"type": "huntr", "idList": ["1B055DA5-7A9E-4409-99D7-030280D242D5"]}, {"type": "nessus", "idList": ["OPENSUSE-2022-10160-1.NASL"]}, {"type": "prion", "idList": ["PRION:CVE-2022-2652"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:10159-1", "OPENSUSE-SU-2022:10160-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-2652"]}]}, "score": {"value": 5.6, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-2652", "epss": 0.00042, "percentile": 0.05823, "modified": "2023-05-02"}], "vulnersScore": 5.6}, "_state": {"dependencies": 1696914126, "score": 1698852850, "epss": 0}, "_internal": {"score_hash": "bd0e51a27e8cd9ad68045bda13c519fc"}, "pluginID": "166361", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10159-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166361);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/09\");\n\n script_cve_id(\"CVE-2022-2652\");\n\n script_name(english:\"openSUSE 15 Security Update : v4l2loopback (openSUSE-SU-2022:10159-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2022:10159-1 advisory.\n\n - Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack\n memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when\n providing the card label on request (reproduce e.g. with many %s modifiers in a row). (CVE-2022-2652)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202156\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F2WY45Y5MOK5BLB5QRH5F6TM4CWLBTL5/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3cd03f43\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2652\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected v4l2loopback-autoload, v4l2loopback-kmp-64kb, v4l2loopback-kmp-default and / or v4l2loopback-utils\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v4l2loopback-autoload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v4l2loopback-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v4l2loopback-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v4l2loopback-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/SuSE/release');\nif (isnull(os_release) || os_release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar _os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:os_release);\nif (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\n_os_ver = _os_ver[1];\nif (os_release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', os_release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);\n\nvar pkgs = [\n {'reference':'v4l2loopback-autoload-0.12.5-lp154.3.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'v4l2loopback-kmp-64kb-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'v4l2loopback-kmp-default-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1', 'cpu':'aarch64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'v4l2loopback-kmp-default-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'v4l2loopback-utils-0.12.5-lp154.3.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (rpm_check(release:_release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'v4l2loopback-autoload / v4l2loopback-kmp-64kb / etc');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:v4l2loopback-autoload", "p-cpe:/a:novell:opensuse:v4l2loopback-kmp-64kb", "p-cpe:/a:novell:opensuse:v4l2loopback-kmp-default", "p-cpe:/a:novell:opensuse:v4l2loopback-utils", "cpe:/o:novell:opensuse:15.4"], "solution": "Update the affected v4l2loopback-autoload, v4l2loopback-kmp-64kb, v4l2loopback-kmp-default and / or v4l2loopback-utils packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2022-2652", "vendor_cvss2": {"score": 5.9, "vector": "CVSS2#AV:L/AC:L/Au:M/C:C/I:N/A:C"}, "vendor_cvss3": {"score": 6, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.0"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-10-20T00:00:00", "vulnerabilityPublicationDate": "2022-08-04T00:00:00", "exploitableWith": []}

{"suse": [{"lastseen": "2022-11-06T17:57:42", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for v4l2loopback fixes the following issues:\n\n - Fix string format vulnerability (boo#1202156, CVE-2022-2652)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-2022-10160=1", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 6.0, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-20T00:00:00", "type": "suse", "title": "Security update for v4l2loopback (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2652"], "modified": "2022-10-20T00:00:00", "id": "OPENSUSE-SU-2022:10160-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T7TOUD7WBZ7HIZPTAF5TWVMSY3TRYEZ7/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T17:57:42", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for v4l2loopback fixes the following issues:\n\n - Fix string format vulnerability (boo#1202156, CVE-2022-2652)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-2022-10159=1", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 6.0, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-20T00:00:00", "type": "suse", "title": "Security update for v4l2loopback (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2652"], "modified": "2022-10-20T00:00:00", "id": "OPENSUSE-SU-2022:10159-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F2WY45Y5MOK5BLB5QRH5F6TM4CWLBTL5/", "cvss": {"score": 0.0, "vector": "NONE"}}], "prion": [{"lastseen": "2023-11-20T23:31:19", "description": "Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 6.0, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-08-04T10:15:00", "type": "prion", "title": "Format string", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:L/AC:L/Au:M/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2652"], "modified": "2022-08-10T13:40:00", "id": "PRION:CVE-2022-2652", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-2652", "cvss": {"score": 2.9, "vector": "AV:L/AC:L/Au:M/C:P/I:N/A:P"}}], "huntr": [{"lastseen": "2023-10-31T17:05:44", "description": "# Description\nWhen adding a new video device with `v4l2loopback-ctl` that contains a card label with format string modifiers the kernel driver interprets these when querying the device capabilities, thus leaking kernel memory (stack contents).\n\nThe vulnerability requires the attacker to have access to the `/dev/v4l2loopback`, which is owned by `root:root` with `chmod 600` by default. This attack can still be used successfully against kernels in lock down mode.\n\n# Proof of Concept\n```bash\nv4l2loopback-ctl add -n \"%p-%p-%p\"\ncat /sys/devices/virtual/video4linux/video2/name \n```\n\nOutput (example):\n```console\n/dev/video2\n00000000de899e9f-00000000f6d35a \n```\n\nExpected:\n```console\n/dev/video2\n%p-%p-%p\n```\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 6.0, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-07-28T18:44:16", "type": "huntr", "title": "Format string modifiers in card label", "bulletinFamily": "bugbounty", "cvss2": {"severity": "LOW", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:L/AC:L/Au:M/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2652"], "modified": "2022-08-03T20:04:08", "id": "1B055DA5-7A9E-4409-99D7-030280D242D5", "href": "https://www.huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5/", "cvss": {"score": 2.9, "vector": "AV:L/AC:L/Au:M/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2023-10-10T04:59:50", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10160-1 advisory.\n\n - Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). (CVE-2022-2652)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-21T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : v4l2loopback (openSUSE-SU-2022:10160-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2652"], "modified": "2023-10-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:v4l2loopback-autoload", "p-cpe:/a:novell:opensuse:v4l2loopback-kmp-64kb", "p-cpe:/a:novell:opensuse:v4l2loopback-kmp-default", "p-cpe:/a:novell:opensuse:v4l2loopback-kmp-preempt", "p-cpe:/a:novell:opensuse:v4l2loopback-utils", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-10160-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166362", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:10160-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166362);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/09\");\n\n script_cve_id(\"CVE-2022-2652\");\n\n script_name(english:\"openSUSE 15 Security Update : v4l2loopback (openSUSE-SU-2022:10160-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2022:10160-1 advisory.\n\n - Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack\n memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when\n providing the card label on request (reproduce e.g. with many %s modifiers in a row). (CVE-2022-2652)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202156\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T7TOUD7WBZ7HIZPTAF5TWVMSY3TRYEZ7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1031f9d4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2652\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v4l2loopback-autoload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v4l2loopback-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v4l2loopback-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v4l2loopback-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:v4l2loopback-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/SuSE/release');\nif (isnull(os_release) || os_release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar _os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:os_release);\nif (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\n_os_ver = _os_ver[1];\nif (os_release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', os_release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);\n\nvar pkgs = [\n {'reference':'v4l2loopback-autoload-0.12.5-lp153.2.5.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'v4l2loopback-kmp-64kb-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'v4l2loopback-kmp-default-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'v4l2loopback-kmp-default-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'v4l2loopback-kmp-preempt-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'v4l2loopback-kmp-preempt-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'v4l2loopback-utils-0.12.5-lp153.2.5.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (rpm_check(release:_release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'v4l2loopback-autoload / v4l2loopback-kmp-64kb / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-12-03T13:33:48", "description": "Depending on the way the format strings in the card label are crafted it's\npossible to leak kernel stack memory. There is also the possibility for DoS\ndue to the v4l2loopback kernel module crashing when providing the card\nlabel on request (reproduce e.g. with many %s modifiers in a row).", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 6.0, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-08-04T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2652", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:L/AC:L/Au:M/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2652"], "modified": "2022-08-04T00:00:00", "id": "UB:CVE-2022-2652", "href": "https://ubuntu.com/security/CVE-2022-2652", "cvss": {"score": 2.9, "vector": "AV:L/AC:L/Au:M/C:P/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-12-03T15:25:14", "description": "Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 6.0, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-08-04T10:15:00", "type": "debiancve", "title": "CVE-2022-2652", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:L/AC:L/Au:M/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2652"], "modified": "2022-08-04T10:15:00", "id": "DEBIANCVE:CVE-2022-2652", "href": "https://security-tracker.debian.org/tracker/CVE-2022-2652", "cvss": {"score": 2.9, "vector": "AV:L/AC:L/Au:M/C:P/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-03T15:07:28", "description": "Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 6.0, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-08-04T10:15:00", "type": "cve", "title": "CVE-2022-2652", "cwe": ["CWE-134"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.9, "vectorString": "AV:L/AC:L/Au:M/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2652"], "modified": "2022-08-10T13:40:00", "cpe": [], "id": "CVE-2022-2652", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2652", "cvss": {"score": 2.9, "vector": "AV:L/AC:L/Au:M/C:P/I:N/A:P"}, "cpe23": []}]}

openSUSE 15 Security Update : v4l2loopback (openSUSE-SU-2022:10159-1)

Description

Related