Microphone Access Vulnerability in Ubuntu's Pipewire-Pulse
CVE-2022-4964

5.5MEDIUM

Key Information:

Vendor

Canonical Ltd.

Status
Ubuntu Pipewire-pulse
Vendor
CVE Published:
24 January 2024

What is CVE-2022-4964?

A vulnerability in the Pipewire-Pulse component of Ubuntu's snap framework allows unauthorized microphone access even when the requisite snap interface for audio recording is not properly set. This flaw poses significant risks as it enables potential exploitation by malicious actors, thereby compromising user privacy and security. Users should be aware of the implications this vulnerability holds and be proactive in applying relevant patches or updates to secure their systems.

Affected Version(s)

Ubuntu pipewire-pulse Linux 0

References

https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1...
issue-tracking
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4964
issue-tracking
https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_...
issue-tracking

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

James Henstridge
.