CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score confidence: High

EPSS percentile: 10.3%

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent
function, it is possible to exceed the allocated array length when certain
new device IDs are added to the xXIHierarchyInfo struct. This can trigger a
heap buffer overflow condition, which may lead to an application crash or
remote code execution in SSH X11 forwarding environments.
Author | Note |
---|---|
mdeslaur | xorg server is actually the xorg-server package; the xorg package only contains docs; xwayland package contains parts of xorg-server |
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | xorg-server | < 2:1.19.6-1ubuntu4.15+esm4 | UNKNOWN |
ubuntu | 20.04 | noarch | xorg-server | < 2:1.20.13-1ubuntu1~20.04.14 | UNKNOWN |
ubuntu | 22.04 | noarch | xorg-server | < 2:21.1.4-2ubuntu1.7~22.04.7 | UNKNOWN |
ubuntu | 23.04 | noarch | xorg-server | < 2:21.1.7-1ubuntu3.6 | UNKNOWN |
ubuntu | 23.10 | noarch | xorg-server | < 2:21.1.7-3ubuntu2.6 | UNKNOWN |
ubuntu | 24.04 | noarch | xorg-server | < 2:21.1.11-1ubuntu1 | UNKNOWN |
ubuntu | 14.04 | noarch | xorg-server | < 2:1.15.1-0ubuntu2.11+esm9 | UNKNOWN |
ubuntu | 16.04 | noarch | xorg-server | < 2:1.18.4-0ubuntu0.12+esm9 | UNKNOWN |
ubuntu | 16.04 | noarch | xorg-server-hwe-16.04 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | xorg-server-hwe-18.04 | < any | UNKNOWN |