Bug 1219138 (CVE-2022-4964) - VUL-0: CVE-2022-4964: pipewire: microphone access is allowed via pipewire-pulse module on snap application even when the snap interface for audio-record is not set
Summary: VUL-0: CVE-2022-4964: pipewire: microphone access is allowed via pipewire-pul...
Status: RESOLVED WONTFIX
Alias: CVE-2022-4964
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Antonio Larrosa
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/392074/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-4964:3.3:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-24 11:41 UTC by SMASH SMASH
Modified: 2024-01-31 11:34 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Andrea Mattiazzo 2024-01-24 11:44:41 UTC 
Tracking as affected:
- SUSE:ALP:Source:Standard:1.0/pipewire        
- SUSE:SLE-15-SP3:Update/pipewire
- SUSE:SLE-15-SP4:Update/pipewire              
- SUSE:SLE-15-SP5:Update/pipewire              
- openSUSE:Factory/pipewire
Comment 4 Antonio Larrosa 2024-01-31 09:46:23 UTC 
This doesn't affect SLE nor openSUSE products since we don't support snap.
Comment 5 Andrea Mattiazzo 2024-01-31 11:34:03 UTC 
Ok, will close it as unaffected.