Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-46342

Опубликовано: 14 дек. 2022
Источник: redhat
CVSS3: 8.8
EPSS Низкий

Описание

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se

A vulnerability was found in X.Org. This flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

Отчет

Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6tigervncOut of support scope
Red Hat Enterprise Linux 6xorg-x11-serverOut of support scope
Red Hat Enterprise Linux 7tigervncFixedRHSA-2023:004509.01.2023
Red Hat Enterprise Linux 7xorg-x11-serverFixedRHSA-2023:004609.01.2023
Red Hat Enterprise Linux 8xorg-x11-server-XwaylandFixedRHSA-2023:280516.05.2023
Red Hat Enterprise Linux 8xorg-x11-serverFixedRHSA-2023:280616.05.2023
Red Hat Enterprise Linux 8tigervncFixedRHSA-2023:283016.05.2023
Red Hat Enterprise Linux 9xorg-x11-serverFixedRHSA-2023:224809.05.2023
Red Hat Enterprise Linux 9xorg-x11-server-XwaylandFixedRHSA-2023:224909.05.2023
Red Hat Enterprise Linux 9tigervncFixedRHSA-2023:225709.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2151757xorg-x11-server: XvdiSelectVideoNotify use-after-free

EPSS

Процентиль: 28%
0.00094
Низкий

8.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-46342

CVSS3: 8.8
ubuntu
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se

nvd логотип

CVE-2022-46342

CVSS3: 8.8
nvd
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se

debian логотип

CVE-2022-46342

CVSS3: 8.8
debian
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because ...

github логотип

GHSA-5hp7-2mv5-p69r

CVSS3: 8.8
github
больше 2 лет назад

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se

fstec логотип

BDU:2023-07837

CVSS3: 8.8
fstec
больше 2 лет назад

Уязвимость функции XvdiSelectVideoNotify реализации сервера X Window System X.Org Server, реализации протокола Wayland для X.Org XWayland, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 28%
0.00094
Низкий

8.8 High

CVSS3