Headline
CVE-2022-1215: CVE-2022-1215 libinput format string vulnerability
A format string vulnerability was found in libinput
oss-sec mailing list archives
From: Peter Hutterer <peter.hutterer () redhat com>
Date: Wed, 20 Apr 2022 15:58:20 +1000
Title: Format string vulnerability in libinput
Component: libinput, affecting all Wayland compositors and X.Org when using xf86-input-libinput
Report URL: https://gitlab.freedesktop.org/libinput/libinput/-/issues/752 Reporter: Albin Eldstål-Ahrens and Lukas Lamster CVSS: 7.1 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Disclosure date: Embargo cancelled due to an independent public bug filed
When a device is detected by libinput, libinput logs several messages through log handlers set up by the callers. These log handlers usually eventually result in a printf call. Logging happens with the privileges of the caller, in the case of Xorg this may be root.
The device name ends up as part of the format string and a kernel device with printf-style format string placeholders in the device name can enable an attacker to run malicious code. An exploit is possible through any device where the attacker controls the device name, e.g. /dev/uinput or Bluetooth devices.
All versions of libinput since 1.10 (released Feb 2018) are affected.
The upstream patch is available as commit 2a8b8fde90d63d48ce09ddae44142674bbca1c28
libinput releases that include these patches are:
- 1.20.1
- 1.19.4
- 1.18.2 Releases of versions 1.17.x and earlier are not planned at this stage.
Many thanks to Albin Eldstål-Ahrens and Benjamin Svensson from Assured AB for their discovery and responsible reporting of this issue.
This issue was independently discovered by Lukas Lamster. Many thanks for their discovery and responsible reporting.
Current thread:
- CVE-2022-1215 libinput format string vulnerability Peter Hutterer (Apr 19)
Related news
Gentoo Linux Security Advisory 202310-14 - A vulnerability has been discovered in libinput where an attacker may run malicious code by exploiting a format string vulnerability. Versions greater than or equal to 1.20.1 are affected.
Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2021-23648: sanitize-url: XSS * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-44906:...
Red Hat Security Advisory 2022-5257-01 - libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Issues addressed include format string and privilege escalation vulnerabilities.
An update for libinput is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1215: libinput: format string vulnerability may lead to privilege escalation
An update for libinput is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1215: libinput: format string vulnerability may lead to privilege escalation