CVE-2022-2652
MEDIUMv4l2loopback < 0.12.6 - Kernel Stack Memory Leak and Denial of Service via Card Label Format String
Title source: llmDescription
Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).
References (2)
Core 2
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5
Patch, Third Party Advisory x_refsource_misc
https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd
Scores
CVSS v3
6.0
EPSS
0.0032
EPSS Percentile
23.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-134
Status
published
Products (1)
v4l2loopback_project/v4l2loopback
< 0.12.6
Published
Aug 04, 2022
Tracked Since
Feb 18, 2026