PT-2022-7139 · X.Org+9 · X.Org+9

Jan-Niklas Sohn

·

Published

2022-11-21

·

Updated

2024-10-08

·

CVE-2022-46344

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions X.Org (affected versions not specified)
Description A security flaw was found in the handler for the XIChangeProperty request, resulting in length-validation issues and out-of-bounds memory reads. This can lead to potential information disclosure, local privileges elevation on systems where the X server is running privileged, and remote code execution for ssh X forwarding sessions. The issue is related to reading beyond the valid boundaries of a data buffer.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Out of bounds Read

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2023:2248
ALSA-2023:2249
ALSA-2023:2257
ALSA-2023:2805
ALSA-2023:2806
ALSA-2023:2830
ALT-PU-2022-3399
ALT-PU-2023-7278
ALT-PU-2024-3261
AZL-44550
BDU:2023-07839
CESA-2023_0045
CESA-2023_0046
CESA-2023_2805
CESA-2023_2806
CESA-2023_2830
CVE-2022-46344
DLA-3256-1
DSA-5304-1
MGASA-2023-0012
OESA-2022-2163
OPENSUSE-SU-2022_4479-1
OPENSUSE-SU-2022_4480-1
OPENSUSE-SU-2022_4487-1
OPENSUSE-SU-2024:12569-1
OPENSUSE-SU-2024:12570-1
RHSA-2023:0045
RHSA-2023:0046
RHSA-2023:2248
RHSA-2023:2249
RHSA-2023:2257
RHSA-2023:2805
RHSA-2023:2806
RHSA-2023:2830
RHSA-2023_0045
RHSA-2023_0046
RHSA-2023_2248
RHSA-2023_2249
RHSA-2023_2257
RHSA-2023_2805
RHSA-2023_2806
RHSA-2023_2830
RHSA-2025:12751
ROSA-SA-2023-2092
ROSA-SA-2023-2095
SUSE-SU-2022:4479-1
SUSE-SU-2022:4480-1
SUSE-SU-2022:4481-1
SUSE-SU-2022:4482-1
SUSE-SU-2022:4483-1
SUSE-SU-2022:4484-1
SUSE-SU-2022:4485-1
SUSE-SU-2022:4487-1
USN-5778-1
USN-5778-2
ZDI-22-1699

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Suse
Ubuntu
X.Org