Dangling Pointer Vulnerability in X.Org
CVE-2022-4283

7.8HIGH

Key Information:

Vendor: X.org
Status: Xorg-x11-server
Vendor: CVE Published:; 14 December 2022

What is CVE-2022-4283?

A vulnerability in X.Org arises from the XkbCopyNames function, which improperly manages memory, leaving a dangling pointer after freeing memory. This flaw permits out-of-bounds memory access during subsequent XkbGetKbdByName requests. As a result, attackers can achieve local privilege escalation on systems running the X server with elevated privileges and remote code execution via SSH X forwarding sessions, posing a significant security risk.

Affected Version(s)

xorg-x11-server xorg-x11-server-1.20.4

References

https://bugzilla.redhat.com/show_bug.cgi?id=2151761

https://access.redhat.com/security/cve/CVE-2022-4283

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2022
Vulnerability Reserved
Dec 5, 2022

X.org

What is CVE-2022-4283?

Affected Version(s)

References

CVSS V3.1

Timeline