CVE-2022-46344

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-46344
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-12-14 21:15:00 UTC
Updated2023-12-13 15:15:00 UTC
DescriptionA vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 11.0 All All All
Operating System Fedoraproject Fedora 36 All All All
Operating System Fedoraproject Fedora 37 All All All
Operating System Redhat Enterprise Linux 6.0 All All All
Operating System Redhat Enterprise Linux 7.0 All All All
Operating System Redhat Enterprise Linux 8.0 All All All
Operating System Redhat Enterprise Linux 9.0 All All All
Application X.org X Server 1.20.4 All All All

References

ReferenceSourceLinkTags
[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-11.fc37 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-12.fc36 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Debian -- Security Information -- DSA-5304-1 xorg-server DEBIAN www.debian.org
Red Hat Customer Portal - Access to 24x7 support and knowledge MISC access.redhat.com
[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-11.fc37 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
[SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.6-1.fc37 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Red Hat Customer Portal - Access to 24x7 support and knowledge MISC access.redhat.com
[SECURITY] Fedora 36 Update: xorg-x11-server-1.20.14-12.fc36 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
oss-security - FW: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.10 and Xwayland prior to 23.2.3 www.openwall.com
[SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.6-1.fc37 - package-announce - Fedora Mailing-Lists MISC lists.fedoraproject.org
2151760 – (CVE-2022-46344) CVE-2022-46344 xorg-x11-server: X.Org Server XIChangeProperty out-of-bounds access MISC bugzilla.redhat.com
Red Hat Customer Portal - Access to 24x7 support and knowledge MISC access.redhat.com
X.Org X server, XWayland: Multiple Vulnerabilities (GLSA 202305-30) — Gentoo security MISC security.gentoo.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 160370 Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-0045)
  • 160375 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-0046)
  • 160584 Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-2257)
  • 160631 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-2248)
  • 160633 Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2023-2249)
  • 160654 Oracle Enterprise Linux Security Update for tigervnc (ELSA-2023-2830)
  • 160677 Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2023-2805)
  • 160679 Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2023-2806)
  • 181435 Debian Security Update for xorg-server (DSA 5304-1)
  • 181498 Debian Security Update for xorg-server (DLA 3256-1)
  • 182940 Debian Security Update for xwaylandxorg-server (CVE-2022-46344)
  • 199077 Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5778-1)
  • 199494 Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5778-2)
  • 241038 Red Hat Update for tigervnc (RHSA-2023:0045)
  • 241039 Red Hat Update for xorg-x11-server (RHSA-2023:0046)
  • 241415 Red Hat Update for xorg-x11-server (RHSA-2023:2248)
  • 241448 Red Hat Update for xorg-x11-server-xwayland (RHSA-2023:2249)
  • 241454 Red Hat Update for tigervnc (RHSA-2023:2257)
  • 241510 Red Hat Update for xorg-x11-server (RHSA-2023:2806)
  • 241514 Red Hat Update for tigervnc (RHSA-2023:2830)
  • 241537 Red Hat Update for xorg-x11-server-xwayland (RHSA-2023:2805)
  • 257215 CentOS Security Update for xorg-x11-server (CESA-2023:0046)
  • 257218 CentOS Security Update for tigervnc (CESA-2023:0045)
  • 283512 Fedora Security Update for xorg (FEDORA-2022-c3a65f7c65)
  • 283535 Fedora Security Update for xorg (FEDORA-2022-721a78b7e5)
  • 283559 Fedora Security Update for xorg (FEDORA-2022-dd3eb7e0a8)
  • 296108 Oracle Solaris 11.4 Support Repository Update (SRU) 66.164.1 Missing (CPUJAN2024)
  • 354751 Amazon Linux Security Advisory for xorg-x11-server : ALAS-2023-1689
  • 355062 Amazon Linux Security Advisory for xorg-x11-server : AL2012-2023-386
  • 355170 Amazon Linux Security Advisory for xorg-x11-server : ALAS2023-2023-102
  • 377896 Alibaba Cloud Linux Security Update for tigervnc (ALINUX2-SA-2023:0002)
  • 378649 Alibaba Cloud Linux Security Update for xorg-x11-server (ALINUX3-SA-2023:0062)
  • 378653 Alibaba Cloud Linux Security Update for tigervnc (ALINUX3-SA-2023:0063)
  • 379627 Alibaba Cloud Linux Security Update for xorg-x11-server-xwayland (ALINUX3-SA-2024:0044)
  • 502971 Alpine Linux Security Update for xorg-server
  • 502974 Alpine Linux Security Update for xwayland
  • 505838 Alpine Linux Security Update for xorg-server
  • 505841 Alpine Linux Security Update for xwayland
  • 672598 EulerOS Security Update for tigervnc (EulerOS-SA-2023-1340)
  • 672610 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1344)
  • 672786 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1544)
  • 672833 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1569)
  • 672888 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1775)
  • 672938 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-1797)
  • 673075 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2180)
  • 673084 EulerOS Security Update for tigervnc (EulerOS-SA-2023-2176)
  • 673169 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2345)
  • 673199 EulerOS Security Update for xorg-x11-server (EulerOS-SA-2023-2325)
  • 691025 Free Berkeley Software Distribution (FreeBSD) Security Update for xorg (9fa7b139-c1e9-409e-bed0-006aadcf5845)
  • 710738 Gentoo Linux X.Org X server, XWayland Multiple Vulnerabilities (GLSA 202305-30)
  • 753006 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4482-1)
  • 753007 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4481-1)
  • 753008 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4479-1)
  • 753009 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4480-1)
  • 753010 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4484-1)
  • 753011 SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:4483-1)
  • 941008 AlmaLinux Security Update for tigervnc (ALSA-2023:2257)
  • 941042 AlmaLinux Security Update for xorg-x11-server (ALSA-2023:2248)
  • 941062 AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2023:2249)
  • 941068 AlmaLinux Security Update for xorg-x11-server (ALSA-2023:2806)
  • 941080 AlmaLinux Security Update for tigervnc (ALSA-2023:2830)
  • 941119 AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2023:2805)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report