Lucene search

K
nvd[email protected]NVD:CVE-2022-4283
HistoryDec 14, 2022 - 9:15 p.m.

CVE-2022-4283

2022-12-1421:15:14
CWE-416
web.nvd.nist.gov
x.org
vulnerability
local privileges
remote code execution
memory access

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

65.0%

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests… This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Affected configurations

NVD
Node
x.orgxorg-serverMatch1.20.4
Node
fedoraprojectfedoraMatch36
OR
fedoraprojectfedoraMatch37
Node
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
OR
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linuxMatch9.0
Node
debiandebian_linuxMatch11.0

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

65.0%