Bug#1016685: marked as done (v4l2loopback: CVE-2022-2652 - leaking kernel memory via crafted card labels)

Sun, 14 Dec 2025 07:03:19 -0800 

Your message dated Sun, 14 Dec 2025 16:01:16 +0100
with message-id <[email protected]>
and subject line Re: v4l2loopback: CVE-2022-2652 - leaking kernel memory via 
crafted card labels
has caused the Debian Bug report #1016685,
regarding v4l2loopback: CVE-2022-2652 - leaking kernel memory via crafted card 
labels
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1016685: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016685
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: v4l2loopback
Version: 0.12.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team 
<[email protected]>

Hi,

The following vulnerability was published for v4l2loopback (and is not
included in the recent v0.12.7 git tag).

CVE-2022-2652[0]:
| Depending on the way the format strings in the card label are crafted
| it's possible to leak kernel stack memory. There is also the
| possibility for DoS due to the v4l2loopback kernel module crashing
| when providing the card label on request (reproduce e.g. with many %s
| modifiers in a row).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2652
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2652

Please adjust the affected versions in the BTS as needed.



-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-3-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message --- 
oldstable (Debian/bullseye) shipped with 0.12.7 which has the fix included.
in order to not keep this report open forever, i am now closing it.
thanks.

--- End Message ---

Reply via email to