Integer Underflow Flaw in X.Org Server Impacting System Integrity
CVE-2020-14362

7.8HIGH

Key Information:

Vendor: X.org
Status: Xorg-x11-server
Vendor: CVE Published:; 15 September 2020

What is CVE-2020-14362?

A vulnerability exists in X.Org Server versions before 1.20.9, whereby an integer underflow can lead to a heap-buffer overflow. This may allow an attacker to escalate privileges, posing a significant risk to data confidentiality, integrity, and overall system availability. Users are advised to update to the latest version to mitigate this security risk.

Affected Version(s)

xorg-x11-server before xorg-x11-server 1.20.9

References

https://lists.x.org/archives/xorg-announce/2020-August/00...

https://bugzilla.redhat.com/show_bug.cgi?id=1869144

https://usn.ubuntu.com/4488-2/

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2020
Vulnerability Reserved
Jun 17, 2020

X.org

What is CVE-2020-14362?

Affected Version(s)

References

CVSS V3.1

Timeline