Errata ALT-PU-2022-2257-1: Information
Fixes
Published: July 5, 2022
BDU:2022-04748
Уязвимость обработчика вызовов ProcXkbSetGeometry сервера X.Org Server, позволяющая нарушителю выполнить произвольный код или повысить свои привилегии
Severity: HIGH (7.6) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Links:
Published: Dec. 30, 2021
BDU:2022-04749
Уязвимость обработчика вызовов ProcXkbSetDeviceInfo сервера X.Org Server, позволяющая нарушителю выполнить произвольный код или повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 2, 2022
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2022-2319
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938
- https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939
- https://www.zerodayinitiative.com/advisories/ZDI-22-964/
- https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html
- GLSA-202210-30
- https://security.netapp.com/advisory/ntap-20221104-0003/
Published: Sept. 2, 2022
Modified: Feb. 1, 2024
Modified: Feb. 1, 2024
CVE-2022-2320
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938
- https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939
- https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc
- https://www.zerodayinitiative.com/advisories/ZDI-22-963/
- https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html
- GLSA-202210-30
- https://security.netapp.com/advisory/ntap-20221104-0003/