CVE-2022-2652 Use of Externally-Controlled Format String in umlaeute/v4l2loopback

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request reproduce e.g. with many %s modifiers in a row...

v4l2loopback 格式化字符串错误漏洞

v4l2loopback is a kernel module for creating V4L2 loopback devices by umläute individual developers. A formatting string error vulnerability exists in v4l2loopback, which stems from potentially leaking kernel stack memory based on the way the string is formatted in the card label, as well as...

PT-2022-17916 · Unknown +3 · V4L2Loopback +3

Name of the Vulnerable Software and Affected Versions: v4l2loopback affected versions not specified Description: The issue allows for potential kernel stack memory leakage due to improperly crafted format strings in the card label. Additionally, there is a possibility of a Denial of Service DoS...

Format string modifiers in card label

Description When adding a new video device with v4l2loopback-ctl that contains a card label with format string modifiers the kernel driver interprets these when querying the device capabilities, thus leaking kernel memory stack contents. The vulnerability requires the attacker to have access to t...