CVE-2022-46342

CWE-416 — Use After Free10 documents8 sources

Severity

8.8HIGH

EPSS

0.1%

top 66.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Fedoraproject Fedora X.org X Server

Timeline

PublishedDec 14

Latest updateFeb 16

Description

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶Debianxwayland< 2:22.1.6-1+2

▶Debianxorg-server< 2:1.20.11-1+deb11u4+3

▶NVDx.org/x_server1.20.4

▶CVEListV5xorg-x11-serverxorg-x11-server-1.20.4

Also affects: Debian Linux 11.0, Fedora 36, 37

🔴Vulnerability Details

OSV

CVE-2022-46342: A vulnerability was found in X↗2022-12-14

▶

GHSA

GHSA-5hp7-2mv5-p69r: A vulnerability was found in X↗2022-12-14

▶

CVEList

CVE-2022-46342: A vulnerability was found in X↗2022-12-14

▶

📋Vendor Advisories

Ubuntu

X.Org X Server vulnerabilities↗2023-02-16

▶

BSD

OpenBSD 7.2 Errata 009: SECURITY FIX↗2022-12-14

▶

Ubuntu

X.Org X Server vulnerabilities↗2022-12-14

▶

Red Hat

xorg-x11-server: XvdiSelectVideoNotify use-after-free↗2022-12-14

▶

BSD

OpenBSD 7.1 Errata 015: SECURITY FIX↗2022-12-14

▶