Redhat.comRH:CVE-2022-4964CVE-2022-4964
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.5%
A flaw was discovered in pipewire-pulse, where Snap allows microphone access even in the absence of a configured snap interface for audio recording.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1995707/
bugzilla.redhat.com/show_bug.cgi?id=2260027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4964
gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1779
gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
nvd.nist.gov/vuln/detail/CVE-2022-4964
www.cve.org/CVERecord?id=CVE-2022-4964
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.5%