A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. (CVE-2022-2319) A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an malicious user to escalate privileges and execute arbitrary code in the context of root. (CVE-2022-2320)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
x.org xorg-server 21.1.0 |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Arbitrary code execution flaws in the X Keyboard Extension were bad news
X.org has released a bunch of updates, which includes closing two security holes and, yes, this affects Wayland users too. A batch of updates to X.org's suite of X11 servers and components just appeared. Among the new features, there were also fixes for two security holes mentioned in an X.org Foundation security advisory, which covers CVE-2022-2319 and CVE-2022-2320. Although the X window system is pretty old, it's still everywhere, including on almost every xNix operating system that has a gra...