Published: 05/08/2020 Updated: 16/09/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

X.Org Xserver could allow a local authenticated malicious user to obtain sensitive information, because the allocation for pixmap data in the AllocatePixmap() function fails to initialize the memory. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information from heap memory and use this information to launch further attacks against the affected system.

Vendor Advisories

Debian Bug report logs - #968986 xorg-server: CVE-2020-14347 Package: src:xorg-server; Maintainer for src:xorg-server is Debian X Strike Force <debian-x@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 25 Aug 2020 12:33:00 UTC Severity: important Tags: security, upstream Found in v ...
Allocation for pixmap data in AllocatePixmap() does not initialize the memory in xserver; this leaks uninitialized heap memory to clients. When the X server runs with elevated privileges, this flaw can lead to ASLR bypass, which when combined with other flaws (known/unknown) could lead to privilege elevation in the client ...
Several vulnerabilities have been discovered in the X.Org X server. Missing input sanitising in X server extensions may result in local privilege escalation if the X server is configured to run with root privileges. In addition, an ASLR bypass was fixed. For the stable distribution (buster), these problems have been fixed in version 2:1204-1+deb10 ...

Mailing Lists

----- Forwarded message from Matthieu Herrb <matthieu () herrb eu> ----- Date: Fri, 31 Jul 2020 15:44:44 +0200 From: Matthieu Herrb <matthieu () herrb eu> To: xorg-announce () lists x org Cc: xorg-devel () lists x org Subject: X.Org security advisory: July 31, 2020: Xserver X.Org security advisory: July 31, 2020 X Server Pixel Data U ...