Out-of-Bounds Memory Read Vulnerability in X.Org Affecting Privileged Systems
CVE-2022-46344

8.8HIGH

Key Information:

Vendor: X.org
Status: Xorg-x11-server
Vendor: CVE Published:; 14 December 2022

What is CVE-2022-46344?

A vulnerability exists within the X.Org Server that relates to improper length validation in the handler for the XIChangeProperty request. This flaw can lead to out-of-bounds memory reads, posing a risk of information disclosure. Particularly concerning is the potential for local privilege escalation on systems where the X server operates with heightened permissions or during SSH X forwarding sessions, which may allow for remote code execution. Organizations using affected versions should take immediate action to mitigate the risks associated with this vulnerability.

Affected Version(s)

xorg-x11-server xorg-x11-server-1.20.4

References

https://access.redhat.com/security/cve/CVE-2022-46344

https://bugzilla.redhat.com/show_bug.cgi?id=2151760

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2022
Vulnerability Reserved
Nov 30, 2022

X.org

What is CVE-2022-46344?

Affected Version(s)

References

CVSS V3.1

Timeline