CVE-2022-1215 - log back

CVE-2022-1215 created at 09 May 2022 23:42:58
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ Format string vulnerability in evdev device handling
References
+ https://gitlab.freedesktop.org/libinput/libinput/-/issues/752
+ https://www.openwall.com/lists/oss-security/2022/04/20/2
Notes
+ When a device is detected by libinput, libinput logs several messages through log handlers set up by the callers. These log handlers usually eventually result in a printf call. Logging happens with the privileges of the caller, in the case of Xorg this may be root.