Security update for v4l2loopback SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10159-1 Final 1 1 2022-10-20T16:01:41Z current 2022-10-20T16:01:41Z 2022-10-20T16:01:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for v4l2loopback This update for v4l2loopback fixes the following issues: - Fix string format vulnerability (boo#1202156, CVE-2022-2652) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10159 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F2WY45Y5MOK5BLB5QRH5F6TM4CWLBTL5/ E-Mail link for openSUSE-SU-2022:10159-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1202156 SUSE Bug 1202156 https://www.suse.com/security/cve/CVE-2022-2652/ SUSE CVE CVE-2022-2652 page openSUSE Leap 15.4 v4l2loopback-autoload-0.12.5-lp154.3.3.1 v4l2loopback-kmp-64kb-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 v4l2loopback-kmp-default-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 v4l2loopback-utils-0.12.5-lp154.3.3.1 v4l2loopback-autoload-0.12.5-lp154.3.3.1 as a component of openSUSE Leap 15.4 v4l2loopback-kmp-64kb-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 as a component of openSUSE Leap 15.4 v4l2loopback-kmp-default-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 as a component of openSUSE Leap 15.4 v4l2loopback-utils-0.12.5-lp154.3.3.1 as a component of openSUSE Leap 15.4 Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). CVE-2022-2652 openSUSE Leap 15.4:v4l2loopback-autoload-0.12.5-lp154.3.3.1 openSUSE Leap 15.4:v4l2loopback-kmp-64kb-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 openSUSE Leap 15.4:v4l2loopback-kmp-default-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1 openSUSE Leap 15.4:v4l2loopback-utils-0.12.5-lp154.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F2WY45Y5MOK5BLB5QRH5F6TM4CWLBTL5/ https://www.suse.com/security/cve/CVE-2022-2652.html CVE-2022-2652 https://bugzilla.suse.com/1202156 SUSE Bug 1202156