PT-2015-6084 · X.Org+1 · Xwayland+1

Ray Strode

Published

2015-07-01

Updated

2025-08-29

CVE-2015-3164

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions XWayland versions 1.16.x through 1.17.1

Description The issue concerns the authentication setup in XWayland, which starts the server in non-authenticating mode. This allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.

Recommendations For XWayland versions 1.16.x through 1.17.1, update to version 1.17.2 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2015-2031

CVE-2015-3164

MGASA-2015-0316

OPENSUSE-SU-2024:10518-1

Affected Products

Alt Linux

Xwayland

PT-2015-6084 · X.Org+1 · Xwayland+1

CVE-2015-3164

Weakness Enumeration

Related Identifiers

Affected Products

References · 19