7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
51.9%
The X.Org Server vulnerability is related to the fact that after calling free() a pointer bound to the buffer did not have the
NULL sign, which led to further access to the buffer after its freeing (use-after-free) in the DeepCopyPointerClasses function used in the X Input extension.
DeepCopyPointerClasses function used in the X Input extension. Exploitation of the vulnerability could
allow an attacker acting remotely to manipulate the data processed in the
ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() functions, read and write the data into
the freed memory area and get your code to execute with X-server privileges
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | xorg-x11-server-xorg | <= 1.20.14-5 | UNKNOWN |