CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.028 Low (Percentile: 90.7%)

A vulnerability was found in X.Org. The handler for the
ScreenSaverSetAttributes request may write to memory after it has been
freed (a use-after-free). This can lead to local privilege elevation on
systems where the X server runs privileged, and to remote code execution
in SSH X forwarding sessions.

Author | Note |
---|---|
mdeslaur | xorg server is actually the xorg-server package; the xorg package only contains docs; xwayland package contains parts of xorg-server. This is ZDI-CAN-19404. |

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | xorg-server | < 2:1.19.6-1ubuntu4.13 | UNKNOWN |
ubuntu | 20.04 | noarch | xorg-server | < 2:1.20.13-1ubuntu1~20.04.5 | UNKNOWN |
ubuntu | 22.04 | noarch | xorg-server | < 2:21.1.3-2ubuntu2.5 | UNKNOWN |
ubuntu | 22.10 | noarch | xorg-server | < 2:21.1.4-2ubuntu1.3 | UNKNOWN |
ubuntu | 23.04 | noarch | xorg-server | < 2:21.1.5-1ubuntu1 | UNKNOWN |
ubuntu | 14.04 | noarch | xorg-server | < 2:1.15.1-0ubuntu2.11+esm7 | UNKNOWN |
ubuntu | 16.04 | noarch | xorg-server | < 2:1.18.4-0ubuntu0.12+esm5 | UNKNOWN |
ubuntu | 16.04 | noarch | xorg-server-hwe-16.04 | < 2:1.19.6-1ubuntu4.1~16.04.6+esm4 | UNKNOWN |
ubuntu | 18.04 | noarch | xorg-server-hwe-18.04 | < 2:1.20.8-2ubuntu2.2~18.04.9 | UNKNOWN |
ubuntu | 22.04 | noarch | xwayland | < 2:22.1.1-1ubuntu0.4 | UNKNOWN |