Published: 15/09/2020 Updated: 16/09/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

X.Org server could allow a local authenticated malicious user to gain elevated privileges on the system, caused by an integer underflow in XkbSelectEvents. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

Vendor Advisories

Several vulnerabilities have been discovered in the X.Org X server. Missing input sanitising in X server extensions may result in local privilege escalation if the X server is configured to run with root privileges. In addition, an ASLR bypass was fixed. For the stable distribution (buster), these problems have been fixed in version 2:1204-1+deb10 ...

Mailing Lists

Multiple input validation failures in X server extensions
=========================================================

All these issues can lead to local privilege elevation on systems where the X server is running privileged.

* CVE-2020-14345 / ZDI CAN 11428 XkbSetNames Out-Of-Bounds Access

The handler for the XkbSetNames request does not vali ...