Lucene search

K
redosRedosROS-20241008-06
HistoryOct 08, 2024 - 12:00 a.m.

ROS-20241008-06

2024-10-0800:00:00
redos.red-soft.ru
8
x.org
xwayland
wayland
vulnerability
data compromise
denial of service
buffer boundaries
memory usage
sensitive data
confidentiality
remote access

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low

Vulnerability of the XTestSwapFakeInput function of the X Window System X.Org Server implementation, an implementation of the Wayland
Wayland protocol for X.Org XWayland is related to writing outside buffer boundaries. Exploitation of the vulnerability
allows an attacker acting remotely to gain access to sensitive data, compromise its
integrity, as well as cause a denial of service

Vulnerability of ScreenSaverSetAttributes function of X Window System X.Org Server implementation, implementation of the
Wayland protocol for X.Org XWayland is related to memory usage after its release. Exploitation
vulnerability allows an attacker acting remotely to gain access to sensitive data,
compromise its integrity, and cause a denial of service.

Vulnerability in the ProcXIPassiveUngrabDevice function of the Wayland protocol implementation for X.Org XWayland, an implementation of the X.Org XWayland
X Window System X.Org Server is related to writing outside of buffer boundaries. Exploitation of the vulnerability
allows an attacker acting remotely to gain access to sensitive data, compromise its
integrity, as well as cause a denial of service

Vulnerability of ProcXIChangeProperty and ProcXChangeDeviceProperty functions of X Window System server implementation
X.Org Server, Wayland protocol implementation for X.Org XWayland is related to reading outside the allowed boundaries of the
data buffer. Exploitation of the vulnerability allows an attacker acting remotely to gain access to the
confidential data, compromise its integrity, and cause a denial of service

Vulnerability of XkbCopyNames function in X Window System X.Org Server implementation of the Wayland for X.Org protocol.
Wayland for X.Org XWayland protocol implementation is related to memory usage after release.
allows an attacker to gain access to sensitive data by escalating privileges and executing
arbitrary code

Vulnerability in the XvdiSelectVideoNotify function of the X Window System X.Org Server implementation, an implementation of the
Wayland protocol for X.Org XWayland is related to memory usage after its release. Exploitation
vulnerability allows a remote attacker to gain access to sensitive data,
compromise its integrity, and cause a denial of service.

Vulnerability of XkbCopyNames function in X Window System X.Org Server implementation of the Wayland for X.Org protocol.
Wayland for X.Org XWayland is related to a re-release vulnerability. Exploitation of the vulnerability allows
an attacker to gain access to confidential data, violate its integrity

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64xorg-x11-server-xorg< 1.20.14-13UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

Low