CVE-2022-2320
Summary
| CVE | CVE-2022-2320 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-09-01 21:15:00 UTC |
|---|
| Updated | 2024-02-01 02:27:00 UTC |
|---|
| Description | A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Application |
X.org |
Xorg-server |
21.1.0 |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| [server 21.1] Fix CVE-2022-2319, CVE-2022-2320 (!939) · Merge requests · xorg / xserver · GitLab |
MISC |
gitlab.freedesktop.org |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| September 2022 X.Org X Server Vulnerabilities in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| 2106683 – (CVE-2022-2320, ZDI-CAN-16070) CVE-2022-2320 xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension |
MISC |
bugzilla.redhat.com |
|
| ZDI-22-963 | Zero Day Initiative |
MISC |
www.zerodayinitiative.com |
|
| X.Org Security Advisory: July 12, 2022 |
MISC |
lists.freedesktop.org |
|
| xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck · freedesktop/xorg-xserver@dd8caf3 · GitHub |
MISC |
github.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| X.Org X server, XWayland: Multiple Vulnerabilities (GLSA 202210-30) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| Fix CVE-2022-2319, CVE-2022-2320 (!938) · Merge requests · xorg / xserver · GitLab |
MISC |
gitlab.freedesktop.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160023 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2022-5905)
- 160220 Oracle Enterprise Linux Security Update for xorg-x11-server and xorg-x11-server-xwayland (ELSA-2022-7583)
- 160269 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2022-8221)
- 160298 Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2022-8222)
- 180917 Debian Security Update for xorg-server (DLA 3068-1)
- 180918 Debian Security Update for xorg-server (DSA 5199-1)
- 183307 Debian Security Update for xwaylandxorg-server (CVE-2022-2320)
- 198854 Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5510-1)
- 240593 Red Hat Update for xorg-x11-server (RHSA-2022:5905)
- 240841 Red Hat Update for xorg-x11-server and xorg-x11-server-xwayland (RHSA-2022:7583)
- 240872 Red Hat Update for xorg-x11-server (RHSA-2022:8221)
- 240883 Red Hat Update for xorg-x11-server-xwayland (RHSA-2022:8222)
- 257186 CentOS Security Update for xorg-x11-server (CESA-2022:5905)
- 282936 Fedora Security Update for xorg (FEDORA-2022-856bb475b7)
- 282937 Fedora Security Update for xorg (FEDORA-2022-6807c29d58)
- 282983 Fedora Security Update for xorg (FEDORA-2022-8e787b2a5c)
- 282984 Fedora Security Update for xorg (FEDORA-2022-573714ca6b)
- 296083 Oracle Solaris 11.4 Support Repository Update (SRU) 49.126.2 Missing (CPUOCT2022)
- 354077 Amazon Linux Security Advisory for xorg-x11-server : ALAS2-2022-1856
- 354751 Amazon Linux Security Advisory for xorg-x11-server : ALAS-2023-1689
- 355062 Amazon Linux Security Advisory for xorg-x11-server : AL2012-2023-386
- 502430 Alpine Linux Security Update for xorg-server
- 502970 Alpine Linux Security Update for xorg-server
- 505837 Alpine Linux Security Update for xorg-server
- 672143 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2452)
- 672206 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2484)
- 672227 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2640)
- 672267 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2672)
- 672279 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2704)
- 672334 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2785)
- 672385 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2750)
- 710658 Gentoo Linux X.Org X server, XWayland Multiple Vulnerabilities (GLSA 202210-30)
- 752337 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2375-1)
- 752339 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2369-1)
- 752343 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2373-1)
- 752344 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2374-1)
- 752345 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2370-1)
- 752346 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2371-1)
- 940755 AlmaLinux Security Update for xorg-x11-server and xorg-x11-server-Xwayland (ALSA-2022:7583)
- 940806 AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2022:8222)
- 940807 AlmaLinux Security Update for xorg-x11-server (ALSA-2022:8221)
- 960185 Rocky Linux Security Update for xorg-x11-server and xorg-x11-server-Xwayland (RLSA-2022:7583)
- 960508 Rocky Linux Security Update for xorg-x11-server-Xwayland (RLSA-2022:8222)
- 960627 Rocky Linux Security Update for xorg-x11-server (RLSA-2022:8221)
