QwikSec

Security Database

CVE

CWE

Training

CVE-2022-46340

Published: Dec 14, 2022

Modified: Apr 22, 2025

PUBLISHED

Description

A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.

Vendor	Product	Versions
n/a	xorg-x11-server	affected `xorg-x11-server-1.20.4`

References

https://access.redhat.com/security/cve/CVE-2022-46340

https://bugzilla.redhat.com/show_bug.cgi?id=2151755

FEDORA-2022-c3a65f7c65

vendor-advisory

FEDORA-2022-721a78b7e5

vendor-advisory

vendor-advisory

FEDORA-2022-3d88188071

vendor-advisory

FEDORA-2022-dd3eb7e0a8

vendor-advisory

https://security.gentoo.org/glsa/202305-30

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.