QwikSec

Security Database

CVE

CWE

Training

CVE-2022-2320

Published: Sep 1, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.

Vendor	Product	Versions
n/a	xorg-x11-server	affected `xorg-x11-server 21.1`

Weaknesses (CWE)

References

https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938

https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939

https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc

https://www.zerodayinitiative.com/advisories/ZDI-22-963/

https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html

vendor-advisory

https://security.netapp.com/advisory/ntap-20221104-0003/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.