Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-46341HistoryDec 14, 2022 - 9:15 p.m.
CVE-2022-46341
2022-12-1421:15:13
Debian Security Bug Tracker
security-tracker.debian.org
14
x.org
vulnerability
local privilege elevation
remote code execution
x server
ssh x forwarding
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.036 Low
EPSS
Percentile
91.7%
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | xorg-server | < 2:21.1.5-1 | xorg-server_2:21.1.5-1_all.deb |
| Debian | 11 | all | xorg-server | < 2:1.20.11-1+deb11u4 | xorg-server_2:1.20.11-1+deb11u4_all.deb |
| Debian | 999 | all | xorg-server | < 2:21.1.5-1 | xorg-server_2:21.1.5-1_all.deb |
| Debian | 13 | all | xorg-server | < 2:21.1.5-1 | xorg-server_2:21.1.5-1_all.deb |
| Debian | 12 | all | xwayland | < 2:22.1.6-1 | xwayland_2:22.1.6-1_all.deb |
| Debian | 999 | all | xwayland | < 2:22.1.6-1 | xwayland_2:22.1.6-1_all.deb |
| Debian | 13 | all | xwayland | < 2:22.1.6-1 | xwayland_2:22.1.6-1_all.deb |
Related
veracode
veracode
Remote Code Execution (RCE)
2022-12-24 07:43:55
zdi
zdi
prion
prion
Design/Logic Flaw
2022-12-14 21:15:00
cve
cve
CVE-2022-46341
2022-12-14 21:15:13
redhatcve
redhatcve
CVE-2022-46341
2022-12-14 05:05:06
cvelist
cvelist
CVE-2022-46341
2022-12-14 00:00:00
ubuntucve
ubuntucve
CVE-2022-46341
2022-12-14 00:00:00
nvd
nvd
CVE-2022-46341
2022-12-14 21:15:13
osv
osv
CVE-2022-46341
2022-12-14 21:15:13
xorg-server, xorg-server-hwe-18.04, xwayland vulnerabilities
2022-12-14 12:33:11
Moderate: tigervnc security and bug fix update
2023-05-16 00:00:00
alpinelinux
alpinelinux
CVE-2022-46341
2022-12-14 21:15:13
nessus
nessus
Scientific Linux Security Update : xorg-x11-server on SL7.x i686/x86_64 (2023:0046)
2023-01-11 00:00:00
Scientific Linux Security Update : tigervnc on SL7.x x86_64 (2023:0045)
2023-01-11 00:00:00
Oracle Linux 7 : xorg-x11-server (ELSA-2023-0046)
2023-01-09 00:00:00
openvas
openvas
Fedora: Security Advisory for xorg-x11-server (FEDORA-2022-dd3eb7e0a8)
2022-12-26 00:00:00
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2023-2345)
2023-07-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4483-1)
2022-12-15 00:00:00
oraclelinux
oraclelinux
xorg-x11-server security update
2023-01-09 00:00:00
tigervnc security and bug fix update
2023-05-24 00:00:00
tigervnc security update
2023-01-09 00:00:00
mageia
mageia
Updated x11-server packages fix security vulnerability
2023-01-24 10:58:24
redhat
redhat
(RHSA-2023:2257) Moderate: tigervnc security and bug fix update
2023-05-09 05:05:12
(RHSA-2023:2830) Moderate: tigervnc security and bug fix update
2023-05-16 05:55:54
(RHSA-2023:0045) Important: tigervnc security update
2023-01-09 14:20:51
centos
centos
tigervnc security update
2023-01-30 16:44:07
xorg security update
2023-01-30 16:41:38
almalinux
almalinux
Moderate: tigervnc security and bug fix update
2023-05-16 00:00:00
Moderate: tigervnc security and bug fix update
2023-05-09 00:00:00
Moderate: xorg-x11-server-Xwayland security update
2023-05-09 00:00:00
ubuntu
ubuntu
X.Org X Server vulnerabilities
2022-12-14 00:00:00
X.Org X Server vulnerabilities
2023-02-16 00:00:00
slackware
slackware
[slackware-security] xorg-server
2022-12-14 21:30:53
[slackware-security] tigervnc
2023-11-13 19:27:10
debian
debian
[SECURITY] [DLA 3256-1] xorg-server security update
2022-12-31 12:45:53
[SECURITY] [DSA 5304-1] xorg-server security update
2022-12-20 19:51:14
freebsd
freebsd
xorg-server -- Multiple security issues in X server extensions
2022-12-14 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: xorg-x11-server-Xwayland-22.1.7-1.fc36
2023-01-04 01:33:23
[SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-12.fc36
2022-12-26 01:17:10
[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-11.fc37
2022-12-16 01:58:02
rosalinux
rosalinux
Advisory ROSA-SA-2023-2095
2023-02-07 08:27:40
Advisory ROSA-SA-2023-2092
2023-02-02 09:29:40
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 2:1.20.14-alt5
2022-12-14 00:00:00
amazon
amazon
Important: xorg-x11-server
2023-03-02 22:35:00
Important: xorg-x11-server
2023-02-17 00:02:00
gentoo
gentoo
X.Org X server, XWayland: Multiple Vulnerabilities
2023-05-30 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.036 Low
EPSS
Percentile
91.7%
Related for DEBIANCVE:CVE-2022-46341