CVE-2022-3551

CWE-404 CWE-401 — Memory Leak7 documents7 sources

Severity

6.5MEDIUM

EPSS

0.7%

top 26.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org X Server X.org Server Debian Debian Linux +1 more

Timeline

PublishedOct 17

Latest updateNov 23

Description

A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.1 | Impact: 1.4

Affected Packages4 packages

▶NVDx.org/x_server< 21.1.6

▶Debianxorg-server< 2:1.20.11-1+deb11u3+3

▶CVEListV5x.org/servern/a

▶Debianxwayland< 2:22.1.5-1+2

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36, 37

Patches

Patch: cgit.freedesktop.org ↗Patch: cgit.freedesktop.org ↗

🔴Vulnerability Details

CVEList

X.org Server xkb.c ProcXkbGetKbdByName memory leak↗2022-10-17

▶

OSV

CVE-2022-3551: A vulnerability, which was classified as problematic, has been found in X↗2022-10-17

▶

GHSA

GHSA-3j3c-w82w-2cmg: A vulnerability, which was classified as problematic, has been found in X↗2022-10-17

▶

📋Vendor Advisories

Ubuntu

X.Org X Server vulnerabilities↗2022-11-23

▶

Red Hat

xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c↗2022-10-17

▶

Debian

CVE-2022-3551: xorg-server - A vulnerability, which was classified as problematic, has been found in X.org Se...↗2022

▶