CVE-2022-2320

Published: 01/09/2022 Updated: 01/02/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows a malicious user to escalate privileges and execute arbitrary code in the context of root.

Vulnerable Product

x.org xorg-server 21.1.0

Vendor Advisories

Debian Bug report logs - #1014903: xorg-server: CVE-2022-2319 CVE-2022-2320. Package: src:xorg-server; Maintainer for src:xorg-server is Debian X Strike Force <debian-x@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 14 Jul 2022 08:18:01 UTC; Severity: grave; Tags: security, upstream ...
Jan-Niklas Sohn discovered that multiple input validation failures in the Xkb extension of the Xorg X server may result in privilege escalation if the X server is running privileged. For the stable distribution (bullseye), these problems have been fixed in version 2:1.20.11-1+deb11u2. We recommend that you upgrade your xorg-server packages. For th ...
Synopsis: Moderate: xorg-x11-server-Xwayland security update. Type/Severity: Security Advisory: Moderate. Topic: An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security ha ...
Synopsis: Moderate: xorg-x11-server security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rate ...
Synopsis: Important: xorg-x11-server security update. Type/Severity: Security Advisory: Important. Topic: An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this upd ...
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length (CVE-2022-2319). A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper valida ...
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in ...
The handler for the ProcXkbSetGeometry request of the Xkb extension does not properly validate the request length leading to out of bounds memory write ...

Recent Articles

X.org servers update closes 2 security holes, adds neat component tweaks
The Register • Liam Proven in Prague • 01 Jan 1970

Arbitrary code execution flaws in the X Keyboard Extension were bad news

X.org has released a bunch of updates, which includes closing two security holes and, yes, this affects Wayland users too. A batch of updates to X.org's suite of X11 servers and components just appeared. Among the new features, there were also fixes for two security holes mentioned in an X.org Foundation security advisory, which covers CVE-2022-2319 and CVE-2022-2320. Although the X window system is pretty old, it's still everywhere, including on almost every xNix operating system that has a gra...