X.Org Xwayland vulnerabilities

CVE-2022-3551 [MEDIUM] CVE-2022-3551: A vulnerability, which was classified as problematic, has been found in X A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.

CVE-2022-2320 [HIGH] CVE-2022-2320: A flaw was found in the Xorg-x11-server A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.

CVE-2022-2319 [HIGH] CVE-2022-2319: A flaw was found in the Xorg-x11-server A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.

CVE-2021-4008 [HIGH] CVE-2021-4008: A flaw was found in xorg-x11-server in versions before 21 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2021-4011 [HIGH] CVE-2021-4011: A flaw was found in xorg-x11-server in versions before 21 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2021-4010 [HIGH] CVE-2021-4010: A flaw was found in xorg-x11-server in versions before 21 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2021-4009 [HIGH] CVE-2021-4009: A flaw was found in xorg-x11-server in versions before 21 A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.