Описание
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:1.19.6-1ubuntu4.13 |
| devel | released | 2:21.1.5-1ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 2:1.15.1-0ubuntu2.11+esm7 |
| esm-infra/bionic | not-affected | 2:1.19.6-1ubuntu4.13 |
| esm-infra/focal | not-affected | 2:1.20.13-1ubuntu1~20.04.5 |
| esm-infra/xenial | released | 2:1.18.4-0ubuntu0.12+esm5 |
| focal | released | 2:1.20.13-1ubuntu1~20.04.5 |
| jammy | released | 2:21.1.3-2ubuntu2.5 |
| kinetic | released | 2:21.1.4-2ubuntu1.3 |
| lunar | released | 2:21.1.5-1ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 2:1.19.6-1ubuntu4.1~16.04.6+esm4 |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:1.20.8-2ubuntu2.2~18.04.9 |
| esm-infra/bionic | not-affected | 2:1.20.8-2ubuntu2.2~18.04.9 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 2:22.1.6-1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | released | 2:22.1.1-1ubuntu0.4 |
| kinetic | released | 2:22.1.3-2ubuntu0.2 |
| lunar | released | 2:22.1.6-1 |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
EPSS
8.8 High
CVSS3
Связанные уязвимости
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because ...
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Уязвимость функций ProcXIChangeProperty и ProcXChangeDeviceProperty реализации сервера X Window System X.Org Server, реализации протокола Wayland для X.Org XWayland, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
8.8 High
CVSS3