Memory Access Issue in Xorg X11 Server by The X.Org Foundation
CVE-2022-2320

7.8HIGH

Key Information:

Vendor: X.org
Status: Xorg-x11-server
Vendor: CVE Published:; 1 September 2022

What is CVE-2022-2320?

A flaw found in the Xorg X11 Server relates to inadequate validation of user-supplied data within the handling of ProcXkbSetDeviceInfo requests. This oversight can lead to unauthorized memory access, allowing an attacker to escalate privileges and execute arbitrary code with root context. Organizations using vulnerable versions of Xorg should apply available patches to mitigate associated risks.

Affected Version(s)

xorg-x11-server xorg-x11-server 21.1

References

https://gitlab.freedesktop.org/xorg/xserver/-/merge_reque...

https://github.com/freedesktop/xorg-xserver/commit/dd8caf...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2022
Vulnerability Reserved
Jul 5, 2022

X.org

What is CVE-2022-2320?

Affected Version(s)

References

CVSS V3.1

Timeline