Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-46341
HistoryDec 14, 2022 - 12:00 a.m.

CVE-2022-46341

2022-12-1400:00:00
ubuntu.com
ubuntu.com
15
x.org
vulnerability
local privileges elevation
remote code execution
xipassiveungrab
out-of-bounds memory
x server
ssh x forwarding

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.104

Percentile

95.1%

A vulnerability was found in X.Org. This security flaw occurs because the
handler for the XIPassiveUngrab request accesses out-of-bounds memory when
invoked with a high keycode or button code. This issue can lead to local
privileges elevation on systems where the X server is running privileged
and remote code execution for ssh X forwarding sessions.

Notes

Author Note
mdeslaur xorg server is actually the xorg-server package the xorg package only contains docs xwayland package contains parts of xorg-server This is ZDI-CAN-19381
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchxorg-server< 2:1.19.6-1ubuntu4.13UNKNOWN
ubuntu20.04noarchxorg-server< 2:1.20.13-1ubuntu1~20.04.5UNKNOWN
ubuntu22.04noarchxorg-server< 2:21.1.3-2ubuntu2.5UNKNOWN
ubuntu22.10noarchxorg-server< 2:21.1.4-2ubuntu1.3UNKNOWN
ubuntu23.04noarchxorg-server< 2:21.1.5-1ubuntu1UNKNOWN
ubuntu14.04noarchxorg-server< 2:1.15.1-0ubuntu2.11+esm7UNKNOWN
ubuntu16.04noarchxorg-server< 2:1.18.4-0ubuntu0.12+esm5UNKNOWN
ubuntu16.04noarchxorg-server-hwe-16.04< 2:1.19.6-1ubuntu4.1~16.04.6+esm4UNKNOWN
ubuntu18.04noarchxorg-server-hwe-18.04< 2:1.20.8-2ubuntu2.2~18.04.9UNKNOWN
ubuntu22.04noarchxwayland< 2:22.1.1-1ubuntu0.4UNKNOWN
Rows per page:
1-10 of 121

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.104

Percentile

95.1%