Out-of-bounds Write

2024-01-2111:28:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

x.org server

out-of-bounds write

xephyr

xwayland

cursor code

xselinux context

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.2%

JSON

X.Org server is vulnerable to Out-of-bounds Write. The vulnerability is caused due to the cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

CPENameOperatorVersion
xwayland:sideq2:1.20.11-1
xwayland:sideq2:1.20.8-2
xwayland:3.19eq23.2.2-r0
xorg-server:3.19eq21.1.9-r0
xorg-server:3.19eq21.1.8-r3
xwayland:edgeeq21.1.0-r1
xwayland:edgeeq23.1.2-r1
xwayland:edgeeq21.1.1-r0
xwayland:edgeeq22.1.3-r1
xwayland:edgeeq22.1.5-r0

Name	Operator	Version
xwayland:sid	eq	2:1.20.11-1
xwayland:sid	eq	2:1.20.8-2
xwayland:3.19	eq	23.2.2-r0
xorg-server:3.19	eq	21.1.9-r0
xorg-server:3.19	eq	21.1.8-r3
xwayland:edge	eq	21.1.0-r1
xwayland:edge	eq	23.1.2-r1
xwayland:edge	eq	21.1.1-r0
xwayland:edge	eq	22.1.3-r1
xwayland:edge	eq	22.1.5-r0