
CVE-2022-2320

Severity: high

Description

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.

References

https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938

https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939

https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc

https://www.zerodayinitiative.com/advisories/ZDI-22-963/

https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html

https://security.gentoo.org/glsa/202210-30

https://security.netapp.com/advisory/ntap-20221104-0003/

https://access.redhat.com/security/cve/CVE-2022-2320

https://bugzilla.redhat.com/show_bug.cgi?id=2106683

https://access.redhat.com/errata/RHSA-2022:7583

https://access.redhat.com/errata/RHSA-2022:8221

https://access.redhat.com/errata/RHSA-2022:8222

https://access.redhat.com/errata/RHSA-2022:5905

Details

Source: MITRE

Published: 2022-09-01

Updated: 2023-02-02

Type: CWE-787
