BDU:2022-04748

Уязвимость обработчика вызовов ProcXkbSetGeometry сервера X.Org Server, позволяющая нарушителю выполнить произвольный код или повысить свои привилегии

Severity: HIGH (7.6) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

References:

CVE-2022-2319

Published: 2021-12-30

BDU:2022-04749

Уязвимость обработчика вызовов ProcXkbSetDeviceInfo сервера X.Org Server, позволяющая нарушителю выполнить произвольный код или повысить свои привилегии

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-09-02
Modified: 2024-11-21

CVE-2022-2319

A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-09-02
Modified: 2024-11-21

CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Package xorg-xwayland update in sisyphus on 2021-04-14

ALT-PU-2021-1653-1

Closed vulnerabilities

BDU:2022-04748

BDU:2022-04749

CVE-2022-2319

CVE-2022-2320