PT-2021-7269 · Unknown+10 · Xorg-X11-Server+10

Jan-Niklas Sohn

Published

2021-04-14

Updated

2024-07-12

CVE-2022-2320

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xorg-x11-server (affected versions not specified)

Description A flaw was found in the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2022:7583

ALSA-2022:8221

ALSA-2022:8222

ALT-PU-2021-1653

ALT-PU-2022-2257

ALT-PU-2023-7278

ALT-PU-2024-3261

AZL-44841

BDU:2022-04749

CESA-2022_5905

CESA-2022_7583

CVE-2022-2320

DLA-3068-1

DSA-5199-1

MGASA-2022-0256

OESA-2022-1834

OESA-2024-1817

OESA-2024-1818

OESA-2024-1819

OPENSUSE-SU-2022_2370-1

OPENSUSE-SU-2022_2375-1

OPENSUSE-SU-2024:12187-1

RHSA-2022:5905

RHSA-2022:7583

RHSA-2022:8221

RHSA-2022:8222

RHSA-2022_5905

RHSA-2022_7583

RHSA-2022_8221

RHSA-2022_8222

RLSA-2022:7583

RLSA-2022:8221

RLSA-2022:8222

SUSE-SU-2022:2369-1

SUSE-SU-2022:2370-1

SUSE-SU-2022:2371-1

SUSE-SU-2022:2372-1

SUSE-SU-2022:2373-1

SUSE-SU-2022:2374-1

SUSE-SU-2022:2375-1

USN-5510-1

USN-5510-2

ZDI-22-963

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Xorg-X11-Server

PT-2021-7269 · Unknown+10 · Xorg-X11-Server+10

CVE-2022-2320

Weakness Enumeration

Related Identifiers

Affected Products

References · 100