PT-2020-5815 · Xorg+9 · Xorg-X11-Server+9

Jan-Niklas Sohn

Published

2020-12-01

Updated

2024-06-15

CVE-2020-25712

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: xorg-x11-server versions prior to 1.20.10

Description: A flaw was found in the xorg-x11-server, specifically a heap-buffer overflow in the XkbSetDeviceInfo function, which may lead to a privilege escalation issue. The highest threat from this issue is to data confidentiality and integrity as well as system availability.

Recommendations: For versions prior to 1.20.10, update to version 1.20.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the XkbSetDeviceInfo function until a patch is available.

Exploit

Fix

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

ALSA-2021:1804

ALT-PU-2020-3437

ALT-PU-2020-3440

ALT-PU-2021-1956

AZL-78248

BDU:2021-01784

CESA-2020_5408

CESA-2021_1804

CVE-2020-25712

DLA-2486-1

DLA-2675-1

DSA-4803-1

MGASA-2020-0456

OESA-2021-1078

OPENSUSE-SU-2020:2147-1

OPENSUSE-SU-2020:2186-1

OPENSUSE-SU-2020_2147-1

OPENSUSE-SU-2020_2186-1

OPENSUSE-SU-2024:11525-1

RHSA-2020:5408

RHSA-2020_5408

RHSA-2021:1804

RHSA-2021_1804

RLSA-2021:1804

SUSE-SU-2020:14553-1

SUSE-SU-2020:3582-1

SUSE-SU-2020:3585-1

SUSE-SU-2020:3586-1

SUSE-SU-2020:3587-1

SUSE-SU-2020:3588-1

SUSE-SU-2020:3589-1

SUSE-SU-2020_14553-1

USN-4656-1

USN-4656-2

ZDI-20-1421

Affected Products

Alt Linux

Almalinux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Xorg-X11-Server

PT-2020-5815 · Xorg+9 · Xorg-X11-Server+9

CVE-2020-25712

Weakness Enumeration

Related Identifiers

Affected Products

References · 125