Bug 2074952 (CVE-2022-1215) - CVE-2022-1215 libinput: format string vulnerability may lead to privilege escalation
Keywords:
Status: NEW
Alias: CVE-2022-1215
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 2076815 2076816 2077658 2077659 2077955
Blocks: 2074953
Reported: 2022-04-13 11:22 UTC by Marian Rehak
Modified: 2022-05-27 12:17 UTC (History)

Fixed In Version: libinput 1.20.1, libinput 1.18.4, libinput 1.18.2

Description Marian Rehak 2022-04-13 11:22:24 UTC
When a device is detected by libinput, libinput logs several messages through log handlers set up by the callers. These log handlers usually eventually result in a printf call. Logging happens with the privileges of the caller, in the case of Xorg this may be root.
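
The pattern the description refers to, as an added example (not libinput's code and not taken from this bug report): a log wrapper whose handler ends in a printf-family call, with an externally supplied string spliced into the format string versus passed as an argument. All function names are hypothetical, and treating a device-supplied name as the untrusted string is an assumption of this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical caller-installed log handler. Like many real handlers it
 * ends in a printf-family call; output goes to a buffer for inspection. */
static char last_msg[256];

static void log_handler(const char *format, va_list args)
{
	vsnprintf(last_msg, sizeof(last_msg), format, args);
}

static void log_msg(const char *format, ...)
{
	va_list args;
	va_start(args, format);
	log_handler(format, args);
	va_end(args);
}

/* UNSAFE: the untrusted name becomes part of the format string, so any
 * conversion specifier inside it is interpreted by the handler. */
static void log_device_unsafe(const char *name, const char *event)
{
	char fmt[128];
	snprintf(fmt, sizeof(fmt), "%s: %%s", name); /* name lands in fmt */
	log_msg(fmt, event);
}

/* SAFE: constant format string, untrusted data only as arguments. */
static void log_device_safe(const char *name, const char *event)
{
	log_msg("%s: %s", name, event);
}

/* Defence in depth when a prefix must be spliced into a format string:
 * double every '%' so it prints literally. Returns -1 if dst is too small. */
static int escape_percent(const char *src, char *dst, size_t dstlen)
{
	size_t o = 0;
	if (dstlen == 0) return -1;
	for (; *src; src++) {
		if (o + (*src == '%' ? 2 : 1) >= dstlen) return -1;
		if (*src == '%') dst[o++] = '%';
		dst[o++] = *src;
	}
	dst[o] = '\0';
	return 0;
}
```

Compiling callers with `-Wformat -Wformat-security` and marking variadic log functions with the GCC/Clang `format(printf, ...)` attribute lets the compiler flag non-constant format strings of this kind.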

Comment 2 Todd Cullum 2022-04-22 17:04:25 UTC
Created libinput tracking bugs for this issue:

Affects: fedora-all [bug 2077955]

Comment 3 John Helmert III 2022-04-28 15:27:56 UTC
Why hasn't this CVE been made public yet? This bug has been public since 04.22, and the issue itself has been public since 04.20.

https://gitlab.freedesktop.org/libinput/libinput/-/issues/752
https://www.openwall.com/lists/oss-security/2022/04/20/2

Comment 5 Todd Cullum 2022-05-20 00:19:20 UTC
In reply to comment #3:
> Why hasn't this CVE been made public yet? This bug has been public since
> 04.22, and the issue itself has been public since 04.20.
> 
> https://gitlab.freedesktop.org/libinput/libinput/-/issues/752
> https://www.openwall.com/lists/oss-security/2022/04/20/2

Note that we did not assign this CVE ID, so we do not know the answer to this.

Comment 6 John Helmert III 2022-05-20 00:31:01 UTC
Well, that leaves me really baffled. MITRE directed me to RedHat as the assigning CNA.

Comment 7 Todd Cullum 2022-05-20 00:35:32 UTC
In reply to comment #6:
> Well, that leaves me really baffled. MITRE directed me to RedHat as the
> assigning CNA.

Yeah that's incorrect. In fact, they assigned this. See here: https://github.com/CVEProject/cvelist/blob/fd2d9a4b9ec1412ab5fe680d05c29e1e9687482d/2022/1xxx/CVE-2022-1215.json

Comment 8 Todd Cullum 2022-05-20 00:43:39 UTC
In reply to comment #7:
> In reply to comment #6:
> > Well, that leaves me really baffled. MITRE directed me to RedHat as the
> > assigning CNA.
> 
> Yeah that's incorrect. In fact, they assigned this. See here:
> https://github.com/CVEProject/cvelist/blob/
> fd2d9a4b9ec1412ab5fe680d05c29e1e9687482d/2022/1xxx/CVE-2022-1215.json

Actually, that which I just provided may be incorrect. I'm bringing this to the attention of someone here who could potentially confirm; we'll update you as soon as we can. Thanks for bringing this up.

Comment 10 John Helmert III 2022-05-20 01:05:31 UTC
(In reply to Todd Cullum from comment #7)
> In reply to comment #6:
> > Well, that leaves me really baffled. MITRE directed me to RedHat as the
> > assigning CNA.
> 
> Yeah that's incorrect. In fact, they assigned this. See here:
> https://github.com/CVEProject/cvelist/blob/
> fd2d9a4b9ec1412ab5fe680d05c29e1e9687482d/2022/1xxx/CVE-2022-1215.json

As far as I've seen, that JSON is the same for all reserved CVEs, with the assigner always being MITRE. I've not been able to find any way to associate a reserved CVE with its CNA.

Comment 11 Todd Cullum 2022-05-23 19:53:21 UTC
In reply to comment #10:
> (In reply to Todd Cullum from comment #7)
> > In reply to comment #6:
> > > Well, that leaves me really baffled. MITRE directed me to RedHat as the
> > > assigning CNA.
> > 
> > Yeah that's incorrect. In fact, they assigned this. See here:
> > https://github.com/CVEProject/cvelist/blob/
> > fd2d9a4b9ec1412ab5fe680d05c29e1e9687482d/2022/1xxx/CVE-2022-1215.json
> 
> As far as I've seen, that JSON is the same for all reserved CVEs, with the
> assigner always being MITRE. I've not been able to find any way to associate
> a reserved CVE with its CNA.

Hi!

You're right, hence my comment #8 shortly thereafter above. Sorry about that, stay tuned!

Comment 13 msiddiqu 2022-05-27 12:17:01 UTC
In reply to comment #3:
> Why hasn't this CVE been made public yet? This bug has been public since
> 04.22, and the issue itself has been public since 04.20.
> 
> https://gitlab.freedesktop.org/libinput/libinput/-/issues/752
> https://www.openwall.com/lists/oss-security/2022/04/20/2

Hi, we have re-published this to MITRE's end. It should be up there shortly at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1215