CVE-2020-25712

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write10 documents8 sources
Severity
7.8HIGH
EPSS
0.1%
top 66.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
X.org X ServerRedhat Enterprise Linux
Timeline
PublishedDec 15
Latest updateMay 24

Description

A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

Debianxorg-server< 2:1.20.10-1+3
CVEListV5xorg-x11-serverxorg-x11-server 1.20.10
NVDx.org/x_server< 1.20.10
CVEListV5cariboucaribou 0.4.21

Also affects: Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-93gx-49qx-8f59: A flaw was found in xorg-x11-server before 12022-05-24
CVEList
CVE-2020-25712: A flaw was found in xorg-x11-server before 12020-12-15
OSV
CVE-2020-25712: A flaw was found in xorg-x11-server before 12020-12-15

📋Vendor Advisories

5
Red Hat
caribou: segfault on pressing ē since Xorg CVE-2020-25712 fix2021-01-13
Ubuntu
X.Org X Server vulnerabilities2020-12-07
Ubuntu
X.Org X Server vulnerabilities2020-12-01
Red Hat
xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability2020-12-01
Debian
CVE-2020-25712: xorg-server - A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in Xk...2020

💬Community

1
Bugzilla
CVE-2020-25712 xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability2020-10-12
CVE-2020-25712 (HIGH CVSS 7.8) | A flaw was found in xorg-x11-server | cvebase.io