CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
96.1%
Vulnerability of xorg-x11-server package is related to memory usage after it is freed when processing Button Action objects.
Button Action objects. Exploitation of the vulnerability could allow an attacker to elevate his privileges and
execute arbitrary code in root context
The xorg-server package vulnerability is related to the created requests for RRChangeProviderProperty or
RRChangeOutputProperty causing an integer overflow. Exploitation of the vulnerability could allow
an attacker acting remotely to disclose sensitive information.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | xorg-x11-server-common | < 1.20.14-10 | UNKNOWN |