A format string vulnerability was found in libinput

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libinput-1.19.3-2.el9 build changelog.

  - fix a format string vulnerability (#2076816) (CVE-2022-1215)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5331 advisory.

  - A format string vulnerability was found in libinput (CVE-2022-1215)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5257 advisory.

  - A format string vulnerability was found in libinput (CVE-2022-1215)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202310-14 (libinput: format string vulnerability when using xf86-input-libinput)

  - A format string vulnerability was found in libinput (CVE-2022-1215)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-041 advisory.

  - A format string vulnerability was found in libinput (CVE-2022-1215)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:5257 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-186 advisory.

  - A format string vulnerability was found in libinput (CVE-2022-1215)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the libinput package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A format string vulnerability was found in libinput (CVE-2022-1215)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libinput packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A format string vulnerability was found in libinput (CVE-2022-1215)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-092 advisory.

  - A format string vulnerability was found in libinput (CVE-2022-1215)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5257 advisory.

    [1.19.3-2]
    - CVE-2022-1215: fix a format string vulnerability (#2076816)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5331 advisory.

    [1.16.3-3]
    - Fix a format string vulnerability in the device name logging (#2076815)       CVE-2022-1215

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5257 advisory.

    libinput is a library that handles input devices for display servers and other applications that need to     directly deal with input devices.

    Security Fix(es):

    * libinput: format string vulnerability may lead to privilege escalation (CVE-2022-1215)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5331 advisory.

    libinput is a library that handles input devices for display servers and other applications that need to     directly deal with input devices.

    Security Fix(es):

    * libinput: format string vulnerability may lead to privilege escalation (CVE-2022-1215)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the libinput package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A format string vulnerability was found in libinput (CVE-2022-1215)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5382-2 advisory.

    USN-5382-1 fixed a vulnerability in libinput. This update provides the corresponding updates for Ubuntu     22.04 LTS.



Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1305-1 advisory.

  - A format string vulnerability was found in libinput (CVE-2022-1215)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5382-1 advisory.

    Albin Eldstl-Ahrens and Lukas Lamster discovered libinput did not properly handle input devices with     specially crafted names. A local attacker with physical access could use this to cause libinput to crash     or expose sensitive information.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
191344	CentOS 9 : libinput-1.19.3-2.el9	Nessus	CentOS Local Security Checks	high
184739	Rocky Linux 8 : libinput (RLSA-2022:5331)	Nessus	Rocky Linux Local Security Checks	high
184656	Rocky Linux 9 : libinput (RLSA-2022:5257)	Nessus	Rocky Linux Local Security Checks	high
183903	GLSA-202310-14 : libinput: format string vulnerability when using xf86-input-libinput	Nessus	Gentoo Local Security Checks	high
173147	Amazon Linux 2023 : libinput, libinput-devel, libinput-test (ALAS2023-2023-041)	Nessus	Amazon Linux Local Security Checks	high
167672	AlmaLinux 9 : libinput (ALSA-2022:5257)	Nessus	Alma Linux Local Security Checks	high
166996	Amazon Linux 2022 : (ALAS2022-2022-186)	Nessus	Amazon Linux Local Security Checks	high
165961	EulerOS Virtualization 3.0.6.0 : libinput (EulerOS-SA-2022-2569)	Nessus	Huawei Local Security Checks	high
165048	EulerOS 2.0 SP9 : libinput (EulerOS-SA-2022-2295)	Nessus	Huawei Local Security Checks	high
165036	EulerOS 2.0 SP9 : libinput (EulerOS-SA-2022-2324)	Nessus	Huawei Local Security Checks	high
164748	Amazon Linux 2022 : (ALAS2022-2022-092)	Nessus	Amazon Linux Local Security Checks	high
164210	EulerOS 2.0 SP10 : libinput (EulerOS-SA-2022-2245)	Nessus	Huawei Local Security Checks	high
164162	EulerOS 2.0 SP10 : libinput (EulerOS-SA-2022-2258)	Nessus	Huawei Local Security Checks	high
162804	Oracle Linux 9 : libinput (ELSA-2022-5257)	Nessus	Oracle Linux Local Security Checks	high
162681	Oracle Linux 8 : libinput (ELSA-2022-5331)	Nessus	Oracle Linux Local Security Checks	high
162651	RHEL 9 : libinput (RHSA-2022:5257)	Nessus	Red Hat Local Security Checks	high
162646	RHEL 8 : libinput (RHSA-2022:5331)	Nessus	Red Hat Local Security Checks	high
162448	EulerOS 2.0 SP8 : libinput (EulerOS-SA-2022-1935)	Nessus	Huawei Local Security Checks	high
162342	EulerOS 2.0 SP5 : libinput (EulerOS-SA-2022-1898)	Nessus	Huawei Local Security Checks	high
160401	Ubuntu 22.04 LTS : libinput vulnerability (USN-5382-2)	Nessus	Ubuntu Local Security Checks	high
160091	SUSE SLED15 / SLES15 Security Update : libinput (SUSE-SU-2022:1305-1)	Nessus	SuSE Local Security Checks	high
160028	Ubuntu 18.04 LTS / 20.04 LTS : libinput vulnerability (USN-5382-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2022-1215

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high