Lucene search
Jan-Niklas SohnZDI-20-1421HistoryDec 09, 2020 - 12:00 a.m.
X.Org Server XkbSetDeviceInfo Heap-based Buffer Overflow Privilege Escalation Vulnerability
2020-12-0900:00:00
Jan-Niklas Sohn
www.zerodayinitiative.com
10
0.001 Low
EPSS
Percentile
26.7%
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of XkbSetDeviceInfo requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
Related
prion
prion
Heap overflow
2020-12-15 17:15:00
Design/Logic Flaw
2022-03-25 19:15:00
debiancve
debiancve
CVE-2020-25712
2020-12-15 17:15:12
CVE-2021-3567
2022-03-25 19:15:09
ubuntucve
ubuntucve
CVE-2020-25712
2020-12-01 00:00:00
CVE-2021-3567
2022-03-25 00:00:00
redos
redos
ROS-20220705-01
2022-07-05 00:00:00
osv
osv
CVE-2020-25712
2020-12-15 17:15:12
xorg-server vulnerabilities
2020-12-07 15:14:43
xorg-server - security update
2020-12-04 00:00:00
redhatcve
redhatcve
CVE-2020-25712
2020-12-01 18:00:39
CVE-2021-3567
2021-05-28 13:13:00
cve
cve
CVE-2020-25712
2020-12-15 17:15:12
CVE-2021-3567
2022-03-25 19:15:09
nessus
nessus
Debian DLA-2675-1 : caribou regression update
2021-06-04 00:00:00
SUSE SLES15 Security Update : xorg-x11-server (SUSE-SU-2020:3589-1)
2020-12-09 00:00:00
alpinelinux
alpinelinux
CVE-2020-25712
2020-12-15 17:15:12
openvas
openvas
Debian: Security Advisory (DLA-2675)
2023-03-08 00:00:00
Debian: Security Advisory (DLA-2486-1)
2020-12-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:14553-1)
2021-06-09 00:00:00
cvelist
cvelist
CVE-2020-25712
2020-12-15 16:52:38
CVE-2021-3567
2022-03-25 18:02:48
nvd
nvd
CVE-2020-25712
2020-12-15 17:15:12
CVE-2021-3567
2022-03-25 19:15:09
veracode
veracode
Privilege Escalation
2020-12-04 16:48:02
debian
debian
[SECURITY] [DLA 2675-1] caribou regression update
2021-06-03 12:13:22
[SECURITY] [DSA 4803-1] xorg-server security update
2020-12-04 18:12:18
[SECURITY] [DLA 2486-1] xorg-server security update
2020-12-09 10:27:48
fedora
fedora
[SECURITY] Fedora 32 Update: xorg-x11-server-1.20.10-1.fc32
2020-12-05 01:17:03
[SECURITY] Fedora 33 Update: xorg-x11-server-1.20.10-1.fc33
2020-12-05 01:41:14
archlinux
archlinux
[ASA-202012-6] xorg-server: arbitrary code execution
2020-12-05 00:00:00
freebsd
freebsd
xorg-server -- Multiple input validation failures in X server XKB extension
2020-12-01 00:00:00
suse
suse
Security update for xorg-x11-server (important)
2020-12-07 00:00:00
Security update for xorg-x11-server (important)
2020-12-02 00:00:00
mageia
mageia
Updated x11-server packages fix security vulnerabilities
2020-12-17 16:10:41
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 2:1.20.10-alt1
2020-12-02 00:00:00
ubuntu
ubuntu
X.Org X Server vulnerabilities
2020-12-01 00:00:00
X.Org X Server vulnerabilities
2020-12-07 00:00:00
amazon
amazon
Important: xorg-x11-server
2021-01-25 23:09:00
redhat
redhat
centos
centos
xorg security update
2021-02-27 14:19:46
oraclelinux
oraclelinux
xorg-x11-server security update
2020-12-14 00:00:00
gentoo
gentoo
X.Org X Server: Multiple vulnerabilities
2020-12-07 00:00:00
almalinux
almalinux
rocky
rocky
ibm
ibm