Stack Corruption Vulnerability in X.Org Affects Privileged Systems
CVE-2022-46340

8.8HIGH

Key Information:

Vendor: X.org
Status: Xorg-x11-server
Vendor: CVE Published:; 14 December 2022

What is CVE-2022-46340?

A vulnerability in X.Org's XTest extension has been discovered, which can lead to stack corruption when GenericEvents exceeding 32 bytes are sent via the XTestFakeInput request. This flaw poses risks of local privilege escalation on systems where the X server operates with elevated privileges and can also allow remote code execution in SSH sessions utilizing X forwarding. Systems where the client and server share the same byte order remain unaffected by this issue.

Affected Version(s)

xorg-x11-server xorg-x11-server-1.20.4

References

https://access.redhat.com/security/cve/CVE-2022-46340

https://bugzilla.redhat.com/show_bug.cgi?id=2151755

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2022
Vulnerability Reserved
Nov 30, 2022

X.org

What is CVE-2022-46340?

Affected Version(s)

References

CVSS V3.1

Timeline