Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 839729 (CVE-2022-1215)

Summary: <dev-libs/libinput-1.20.1: format string vulnerability when using xf86-input-libinput
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: major CC: polynomial-c
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://gitlab.freedesktop.org/libinput/libinput/-/issues/752
See Also: https://github.com/gentoo/gentoo/pull/25466
Whiteboard: A2 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 839732    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-20 15:10:32 UTC
From https://lists.x.org/archives/xorg-announce/2022-April/003159.html:

"When a device is detected by libinput, libinput logs several messages through
log handlers set up by the callers. These log handlers usually eventually
result in a printf call. Logging happens with the privileges of the caller, in
the case of Xorg this may be root.

The device name ends up as part of the format string and a kernel device with
printf-style format string placeholders in the device name can enable an
attacker to run malicious code. An exploit is possible through any device
where the attacker controls the device name, e.g. /dev/uinput or Bluetooth
devices.

...

libinput releases that include these patches are:
- 1.20.1
- 1.19.4
- 1.18.2
Releases of versions 1.17.x and earlier are not planned at this stage."

Please stabilize 1.20.1.
Comment 1 Larry the Git Cow gentoo-dev 2022-05-13 12:27:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e3ed499c382741bbff2a46df74a3d565ab121e9

commit 8e3ed499c382741bbff2a46df74a3d565ab121e9
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-05-13 12:25:28 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-05-13 12:27:33 +0000

    x11-drivers/xf86-input-libinput: Drop old versions
    
    Bug: https://bugs.gentoo.org/839729
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-drivers/xf86-input-libinput/Manifest            |  1 -
 .../xf86-input-libinput-1.2.0.ebuild                | 21 ---------------------
 2 files changed, 22 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2022-05-13 12:49:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a318cfd447c8724701237708a8be762cf181ecce

commit a318cfd447c8724701237708a8be762cf181ecce
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-05-13 12:48:45 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-05-13 12:49:21 +0000

    dev-libs/libinput: Drop old versions
    
    Bug: https://bugs.gentoo.org/839729
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 dev-libs/libinput/Manifest               |  2 -
 dev-libs/libinput/libinput-1.19.3.ebuild | 88 --------------------------------
 dev-libs/libinput/libinput-1.20.0.ebuild | 88 --------------------------------
 3 files changed, 178 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47e2c41644645c7b013f9b278b76495d319552c6

commit 47e2c41644645c7b013f9b278b76495d319552c6
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-05-13 12:47:56 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-05-13 12:49:16 +0000

    Revert "x11-drivers/xf86-input-libinput: Drop old versions"
    
    This reverts commit 8e3ed499c382741bbff2a46df74a3d565ab121e9.
    
    Bug: https://bugs.gentoo.org/839729
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-drivers/xf86-input-libinput/Manifest            |  1 +
 .../xf86-input-libinput-1.2.0.ebuild                | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)