PT-2022-7138 · X.Org+9 · X.Org+9

Jan-Niklas Sohn

·

Published

2022-11-21

·

Updated

2024-10-08

·

CVE-2022-46343

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions X.Org (affected versions not specified)
Description A security flaw was found in the handler for the ScreenSaverSetAttributes request, which may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. The vulnerability can also allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2023:2248
ALSA-2023:2249
ALSA-2023:2257
ALSA-2023:2805
ALSA-2023:2806
ALSA-2023:2830
ALT-PU-2022-3399
ALT-PU-2023-7278
ALT-PU-2024-3261
AZL-44346
BDU:2023-07838
CESA-2023_0045
CESA-2023_0046
CESA-2023_2805
CESA-2023_2806
CESA-2023_2830
CVE-2022-46343
DLA-3256-1
DSA-5304-1
MGASA-2023-0012
OESA-2022-2163
OPENSUSE-SU-2022_4479-1
OPENSUSE-SU-2022_4480-1
OPENSUSE-SU-2022_4487-1
OPENSUSE-SU-2024:12569-1
OPENSUSE-SU-2024:12570-1
RHSA-2023:0045
RHSA-2023:0046
RHSA-2023:2248
RHSA-2023:2249
RHSA-2023:2257
RHSA-2023:2805
RHSA-2023:2806
RHSA-2023:2830
RHSA-2023_0045
RHSA-2023_0046
RHSA-2023_2248
RHSA-2023_2249
RHSA-2023_2257
RHSA-2023_2805
RHSA-2023_2806
RHSA-2023_2830
RHSA-2025:12751
ROSA-SA-2023-2092
ROSA-SA-2023-2095
SUSE-SU-2022:4479-1
SUSE-SU-2022:4480-1
SUSE-SU-2022:4481-1
SUSE-SU-2022:4482-1
SUSE-SU-2022:4483-1
SUSE-SU-2022:4484-1
SUSE-SU-2022:4485-1
SUSE-SU-2022:4487-1
USN-5778-1
USN-5778-2
ZDI-22-1698

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Suse
Ubuntu
X.Org