---

CVE-2022-1215 - log back

CVE-2022-1215 created at 09 May 2022 23:42:58
Severity	+ High
Remote	+ Local
Type	+ Privilege escalation
Description	+ Format string vulnerability in evdev device handling
References	+ https://gitlab.freedesktop.org/libinput/libinput/-/issues/752 + https://www.openwall.com/lists/oss-security/2022/04/20/2
Notes	+ When a device is detected by libinput, libinput logs several messages through log handlers set up by the callers. These log handlers usually eventually result in a printf call. Logging happens with the privileges of the caller, in the case of Xorg this may be root.