PT-2020-6202 · X.Org+8 · X.Org Server+8

Jan-Niklas Sohn

·

Published

2020-12-01

·

Updated

2024-06-15

·

CVE-2020-14360

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions X.Org Server versions prior to 1.20.10
Description A flaw was found in the X.Org Server, specifically an out-of-bounds access in the XkbSetMap function, which may lead to a privilege escalation issue. The highest threat from this issue is to data confidentiality and integrity as well as system availability. This could allow an attacker to access confidential data, compromise their integrity, and cause a denial of service.
Recommendations For versions prior to 1.20.10, update to version 1.20.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the XkbSetMap function until a patch is available.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2021:1804
ALT-PU-2020-3437
ALT-PU-2020-3440
ALT-PU-2021-1956
BDU:2021-03541
CESA-2020_5408
CESA-2021_1804
CVE-2020-14360
DLA-2486-1
DSA-4803-1
MGASA-2020-0456
OPENSUSE-SU-2020:2147-1
OPENSUSE-SU-2020:2186-1
OPENSUSE-SU-2020_2147-1
OPENSUSE-SU-2020_2186-1
OPENSUSE-SU-2024:11525-1
RHSA-2020:5408
RHSA-2020_5408
RHSA-2021:1804
RHSA-2021_1804
RLSA-2021:1804
SUSE-SU-2020:14553-1
SUSE-SU-2020:3582-1
SUSE-SU-2020:3585-1
SUSE-SU-2020:3586-1
SUSE-SU-2020:3587-1
SUSE-SU-2020:3588-1
SUSE-SU-2020:3589-1
SUSE-SU-2020_14553-1
SUSE-SU-2020_3582-1
SUSE-SU-2020_3585-1
SUSE-SU-2020_3586-1
SUSE-SU-2020_3587-1
SUSE-SU-2020_3588-1
SUSE-SU-2020_3589-1
USN-4656-1
USN-4656-2
ZDI-20-1420

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
X.Org Server