PT-2020-6012 · X.Org · X.Org Server
Jan-Niklas Sohn · Published 2020-08-25 · Updated 2024-06-15 · CVE-2020-14345
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
X.Org Server versions prior to 1.20.9
Description
A flaw was found in the X.Org Server, specifically in the XkbSetNames function, which may lead to an Out-Of-Bounds access. This issue can result in a privilege escalation vulnerability, posing a threat to data confidentiality and integrity, as well as system availability. The vulnerability is related to a buffer data boundary operation in the xkb.c file of the X Window System Xorg-server. Exploitation of this vulnerability can allow an attacker to access confidential information or cause a denial of service.
Recommendations
For versions prior to 1.20.9, update to version 1.20.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the XkbSetNames function until a patch is available.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
X.Org Server