CVE-2022-46343 — Use After Free in X.org Foundation Xorg-x11-server

CWE-416 — Use After Free11 documents8 sources

Severity

8.8HIGHNVD

EPSS

1.2%

top 21.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org Xwayland THE X.org Foundation Xorg-x11-server +3 more

Timeline

PublishedDec 14

Latest updateJul 31

Description

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5the_x.org_foundation/xorg-x11-serverxorg-x11-server-1.20.4

▶Debianx.org/xorg-server< 2:1.20.11-1+deb11u4+3

▶NVDx.org/x_server1.20.4

▶Debianx.org/xwayland< 2:22.1.6-1+2

Also affects: Debian Linux 11.0, Fedora 36, 37

🔴Vulnerability Details

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2024-07-31

▶

OSV

CVE-2022-46343: A vulnerability was found in X↗2022-12-14

▶

GHSA

GHSA-cfjv-73gp-92j6: A vulnerability was found in X↗2022-12-14

▶

CVEList

CVE-2022-46343: A vulnerability was found in X↗2022-12-14

▶

📋Vendor Advisories

Ubuntu

X.Org X Server vulnerabilities↗2023-02-16

▶

Red Hat

xorg-x11-server: ScreenSaverSetAttributes use-after-free↗2022-12-14

▶

BSD

OpenBSD 7.2 Errata 009: SECURITY FIX↗2022-12-14

▶

Ubuntu

X.Org X Server vulnerabilities↗2022-12-14

▶

BSD

OpenBSD 7.1 Errata 015: SECURITY FIX↗2022-12-14

▶