PT-2020-5333 · X.Org+8 · X.Org Server+8
Jan-Niklas Sohn · Published 2020-08-25 · Updated 2024-06-15
CVE-2020-14361
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
X.Org Server versions prior to 1.20.9
Description
A flaw was found in the X.Org Server, related to an integer underflow in the SProcXkbSelectEvents function, which can lead to a heap buffer overflow. This issue may result in a privilege escalation vulnerability, posing a threat to data confidentiality and integrity, as well as system availability. The vulnerability allows an attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations
For versions prior to 1.20.9, update to version 1.20.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the SProcXkbSelectEvents function in the xkbSwap.c file until a patch is available.
Exploit
Fix
Integer Overflow
Integer Underflow
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
X.Org Server