Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2022-4283

Published: 14/12/2022 Updated: 30/05/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Xorg-server

Vulnerability Summary

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an malicious user to escalate privileges and execute arbitrary code in the context of root. (CVE-2022-2320) A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. (CVE-2022-4283) A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order. (CVE-2022-46340) A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. (CVE-2022-46341) A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se (CVE-2022-46342) A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. (CVE-2022-46343) A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. (CVE-2022-46344)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

x.org xorg-server 1.20.4

fedoraproject fedora 36

fedoraproject fedora 37

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 8.0

redhat enterprise linux 9.0

debian debian linux 11.0

Vendor Advisories

Debian CVElist Bug Report Logs: xorg-server: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344
Debian Bug report logs - #1026071 xorg-server: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 Package: src:xorg-server; Maintainer for src:xorg-server is Debian X Strike Force <debian-x@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 14 Dec ...
Debian Security Advisories: DSA-5304-1 xorg-server -- security update
Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the XOrg X server, which may result in privilege escalation if the X server is running privileged For the stable distribution (bullseye), these problems have been fixed in version 2:12011-1+deb11u4 We recommend that you upgrade your xorg-server packages For the detai ...
Red Hat: Moderate: xorg-x11-server-Xwayland security update
Synopsis Moderate: xorg-x11-server-Xwayland security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9Red Hat Product Security ha ...
Red Hat: Moderate: xorg-x11-server security and bug fix update
Synopsis Moderate: xorg-x11-server security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rate ...
Red Hat: Important: tigervnc security update
Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having ...
Red Hat: Moderate: xorg-x11-server security and bug fix update
Synopsis Moderate: xorg-x11-server security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rate ...
Red Hat: Important: xorg-x11-server security update
Synopsis Important: xorg-x11-server security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this upd ...
Amazon Linux AMI: ALAS-2023-1689
A flaw was found in the Xorg-x11-server The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer This flaw allows an attacker to escalate privileges and execute arbitrary code in ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...
Amazon Linux 2022: ALAS-2023-287
ALAS-2023-287 Amazon Linux 2022 Security Advisory: ALAS-2023-287 Advisory Release Date: 2023-01-31 21:11 Pacific Advisory Updated Date: 2023-01-31 21:11 Pac ...

References

CWE-416https://bugzilla.redhat.com/show_bug.cgi?id=2151761https://access.redhat.com/security/cve/CVE-2022-4283https://www.debian.org/security/2022/dsa-5304https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/https://security.gentoo.org/glsa/202305-30https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026071https://nvd.nist.govhttps://www.debian.org/security/2022/dsa-5304https://alas.aws.amazon.com/ALAS-2023-1689.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook