Vulnerability Details : CVE-2022-4964
Potential exploit
Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.
Products affected by CVE-2022-4964
- cpe:2.3:a:canonical:ubuntu_pipewire-pulse:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-4964
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-4964
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST | 2024-01-30 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
Canonical Ltd. | 2024-01-24 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
N/A
|
N/A
|
RedHat-CVE-2022-4964 | 2024-01-24 |
CWE ids for CVE-2022-4964
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-4964
-
https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1779
pipewire-pulse: add snap permissions support (!1779) · Merge requests · PipeWire / pipewire · GitLabIssue Tracking;Patch
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4964
CVE - ERROR: Couldn't find 'CVE-2022-4964'Third Party Advisory
-
https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1995707/
Bug #1995707 “pipewire-pulse grants microphone access to snaps w...” : Bugs : pipewire package : UbuntuExploit;Issue Tracking
-
https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
wireplumber: add support for snap permissions (!567) · Merge requests · PipeWire / wireplumber · GitLabIssue Tracking;Patch
Jump to