CVE-2022-4283

Summary

CVE: CVE-2022-4283
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-12-14 21:15:00 UTC
Updated: 2023-05-30 06:16:00 UTC
Description: A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 9.0 | All | All | All |
| Application | X.org | Xorg-server | 1.20.4 | All | All | All |

References

| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-11.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-12.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-5304-1 xorg-server | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-11.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.6-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| 2151761 – (CVE-2022-4283) CVE-2022-4283 xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free | MISC | bugzilla.redhat.com | |
| [SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-12.fc36 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.6-1.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| X.Org X server, XWayland: Multiple Vulnerabilities (GLSA 202305-30) — Gentoo security | MISC | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

Legacy QID Mappings

  • 160370 Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-0045)
  • 160375 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-0046)
  • 160584 Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-2257)
  • 160631 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-2248)
  • 160633 Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2023-2249)
  • 160654 Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-2830)
  • 160677 Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2023-2805)
  • 160679 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-2806)
  • 181435 Debian Security Update for xorg-server (DSA 5304-1)
  • 181498 Debian Security Update for xorg-server (DLA 3256-1)
  • 184651 Debian Security Update for xwaylandxorg-server (CVE-2022-4283)
  • 199077 Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5778-1)
  • 199494 Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5778-2)
  • 241038 Red Hat Update for tigervnc (RHSA-2023:0045)
  • 241039 Red Hat Update for xorg-x11-server (RHSA-2023:0046)
  • 241415 Red Hat Update for xorg-x11-server (RHSA-2023:2248)
  • 241448 Red Hat Update for xorg-x11-server-xwayland (RHSA-2023:2249)
  • 241454 Red Hat Update for tigervnc (RHSA-2023:2257)
  • 241510 Red Hat Update for xorg-x11-server (RHSA-2023:2806)
  • 241514 Red Hat Update for tigervnc (RHSA-2023:2830)
  • 241537 Red Hat Update for xorg-x11-server-xwayland (RHSA-2023:2805)
  • 257215 CentOS Security Update for xorg-x11-server (CESA-2023:0046)
  • 257218 CentOS Security Update for tigervnc (CESA-2023:0045)
  • 283512 Fedora Security Update for xorg (FEDORA-2022-c3a65f7c65)
  • 283535 Fedora Security Update for xorg (FEDORA-2022-721a78b7e5)
  • 283559 Fedora Security Update for xorg (FEDORA-2022-dd3eb7e0a8)
  • 354751 Amazon Linux Security Advisory for xorg-x11-server : ALAS-2023-1689
  • 355062 Amazon Linux Security Advisory for xorg-x11-server : AL2012-2023-386
  • 355170 Amazon Linux Security Advisory for xorg-x11-server : ALAS2023-2023-102
  • 377896 Alibaba Cloud Linux Security Update for tigervnc (ALINUX2-SA-2023:0002)
  • 378649 Alibaba Cloud Linux Security Update for xorg-x11-server (ALINUX3-SA-2023:0062)
  • 378653 Alibaba Cloud Linux Security Update for tigervnc (ALINUX3-SA-2023:0063)
  • 379627 Alibaba Cloud Linux Security Update for xorg-x11-server-xwayland (ALINUX3-SA-2024:0044)
  • 502971 Alpine Linux Security Update for xorg-server
  • 502974 Alpine Linux Security Update for xwayland
  • 505838 Alpine Linux Security Update for xorg-server
  • 505841 Alpine Linux Security Update for xwayland
  • 672598 EulerOS Security Update for tigervnc (EulerOS-SA-2023-1340)
  • 672610 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1344)
  • 672786 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1544)
  • 672833 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1569)
  • 672888 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1775)
  • 672938 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1797)
  • 673075 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2180)
  • 673084 EulerOS Security Update for tigervnc (EulerOS-SA-2023-2176)
  • 673169 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2345)
  • 673199 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2325)
  • 691025 Free Berkeley Software Distribution (FreeBSD) Security Update for xorg (9fa7b139-c1e9-409e-bed0-006aadcf5845)
  • 710738 Gentoo Linux X.Org X server, XWayland Multiple Vulnerabilities (GLSA 202305-30)
  • 753006 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4482-1)
  • 753007 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4481-1)
  • 753008 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4479-1)
  • 753009 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4480-1)
  • 753010 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4484-1)
  • 753011 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4483-1)
  • 941008 AlmaLinux Security Update for tigervnc (ALSA-2023:2257)
  • 941042 AlmaLinux Security Update for xorg-x11-server (ALSA-2023:2248)
  • 941062 AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2023:2249)
  • 941068 AlmaLinux Security Update for xorg-x11-server (ALSA-2023:2806)
  • 941080 AlmaLinux Security Update for tigervnc (ALSA-2023:2830)
  • 941119 AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2023:2805)