CVE-2022-4964
MEDIUMUbuntu pipewire-pulse - Incorrect Default Permissions
Title source: llmDescription
Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.
References (4)
Core 4
Core References
Exploit, Issue Tracking issue-tracking
https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1995707/
Third Party Advisory issue-tracking
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4964
Issue Tracking, Patch issue-tracking
https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1779
Issue Tracking, Patch issue-tracking
https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
Scores
CVSS v3
5.5
EPSS
0.0009
EPSS Percentile
26.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-276
Status
published
Products (1)
canonical/ubuntu_pipewire-pulse
Published
Jan 24, 2024
Tracked Since
Feb 18, 2026