{"api_version":"1","generated_at":"2026-04-22T23:31:41+00:00","cve":"CVE-2022-2319","urls":{"html":"https://cve.report/CVE-2022-2319","api":"https://cve.report/api/cve/CVE-2022-2319.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-2319","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-2319"},"summary":{"title":"CVE-2022-2319","description":"A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-09-01 21:15:00","updated_at":"2023-02-12 22:15:00"},"problem_types":["CWE-1320"],"metrics":[],"references":[{"url":"https://access.redhat.com/errata/RHSA-2022:5905","name":"https://access.redhat.com/errata/RHSA-2022:5905","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939","name":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939","refsource":"MISC","tags":[],"title":"[server 21.1] Fix CVE-2022-2319, CVE-2022-2320 (!939) · Merge requests · xorg / xserver · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2022:8222","name":"https://access.redhat.com/errata/RHSA-2022:8222","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20221104-0003/","name":"https://security.netapp.com/advisory/ntap-20221104-0003/","refsource":"CONFIRM","tags":[],"title":"September 2022 X.Org X Server Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-964/","name":"https://www.zerodayinitiative.com/advisories/ZDI-22-964/","refsource":"MISC","tags":[],"title":"ZDI-22-964 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html","name":"https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html","refsource":"MISC","tags":[],"title":"X.Org Security Advisory: July 12, 2022","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2022:8221","name":"https://access.redhat.com/errata/RHSA-2022:8221","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2022-2319","name":"https://access.redhat.com/security/cve/CVE-2022-2319","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2022:7583","name":"https://access.redhat.com/errata/RHSA-2022:7583","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202210-30","name":"GLSA-202210-30","refsource":"GENTOO","tags":[],"title":"X.Org X server, XWayland: Multiple Vulnerabilities (GLSA 202210-30) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938","name":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938","refsource":"MISC","tags":[],"title":"Fix CVE-2022-2319, CVE-2022-2320 (!938) · Merge requests · xorg / xserver · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2106671","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2106671","refsource":"MISC","tags":[],"title":"2106671 – (CVE-2022-2319, ZDI-CAN-16062) CVE-2022-2319 xorg-x11-server: X.Org Server ProcXkbSetGeometry out-of-bounds access","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-2319","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2319","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"2319","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"x.org","cpe5":"xorg-server","cpe6":"21.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-2319","qid":"160023","title":"Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2022-5905)"},{"cve":"CVE-2022-2319","qid":"160220","title":"Oracle Enterprise Linux Security Update for xorg-x11-server and xorg-x11-server-xwayland (ELSA-2022-7583)"},{"cve":"CVE-2022-2319","qid":"160269","title":"Oracle Enterprise Linux Security Update for xorg-x11-server (ELSA-2022-8221)"},{"cve":"CVE-2022-2319","qid":"160298","title":"Oracle Enterprise Linux Security Update for xorg-x11-server-xwayland (ELSA-2022-8222)"},{"cve":"CVE-2022-2319","qid":"180917","title":"Debian Security Update for xorg-server (DLA 3068-1)"},{"cve":"CVE-2022-2319","qid":"180918","title":"Debian Security Update for xorg-server (DSA 5199-1)"},{"cve":"CVE-2022-2319","qid":"183941","title":"Debian Security Update for xwaylandxorg-server (CVE-2022-2319)"},{"cve":"CVE-2022-2319","qid":"198854","title":"Ubuntu Security Notification for X.Org X Server Vulnerabilities (USN-5510-1)"},{"cve":"CVE-2022-2319","qid":"240593","title":"Red Hat Update for xorg-x11-server (RHSA-2022:5905)"},{"cve":"CVE-2022-2319","qid":"240841","title":"Red Hat Update for xorg-x11-server and xorg-x11-server-xwayland (RHSA-2022:7583)"},{"cve":"CVE-2022-2319","qid":"240872","title":"Red Hat Update for xorg-x11-server (RHSA-2022:8221)"},{"cve":"CVE-2022-2319","qid":"240883","title":"Red Hat Update for xorg-x11-server-xwayland (RHSA-2022:8222)"},{"cve":"CVE-2022-2319","qid":"257186","title":"CentOS Security Update for xorg-x11-server (CESA-2022:5905)"},{"cve":"CVE-2022-2319","qid":"282936","title":"Fedora Security Update for xorg (FEDORA-2022-856bb475b7)"},{"cve":"CVE-2022-2319","qid":"282937","title":"Fedora Security Update for xorg (FEDORA-2022-6807c29d58)"},{"cve":"CVE-2022-2319","qid":"282983","title":"Fedora Security Update for xorg (FEDORA-2022-8e787b2a5c)"},{"cve":"CVE-2022-2319","qid":"282984","title":"Fedora Security Update for xorg (FEDORA-2022-573714ca6b)"},{"cve":"CVE-2022-2319","qid":"296083","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 49.126.2 Missing (CPUOCT2022)"},{"cve":"CVE-2022-2319","qid":"354077","title":"Amazon Linux Security Advisory for xorg-x11-server : ALAS2-2022-1856"},{"cve":"CVE-2022-2319","qid":"502430","title":"Alpine Linux Security Update for xorg-server"},{"cve":"CVE-2022-2319","qid":"502970","title":"Alpine Linux Security Update for xorg-server"},{"cve":"CVE-2022-2319","qid":"505837","title":"Alpine Linux Security Update for xorg-server"},{"cve":"CVE-2022-2319","qid":"672143","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2452)"},{"cve":"CVE-2022-2319","qid":"672206","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2484)"},{"cve":"CVE-2022-2319","qid":"672227","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2640)"},{"cve":"CVE-2022-2319","qid":"672267","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2672)"},{"cve":"CVE-2022-2319","qid":"672279","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2704)"},{"cve":"CVE-2022-2319","qid":"672334","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2785)"},{"cve":"CVE-2022-2319","qid":"672385","title":"EulerOS Security Update for xorg-x11-server (EulerOS-SA-2022-2750)"},{"cve":"CVE-2022-2319","qid":"710658","title":"Gentoo Linux X.Org X server, XWayland Multiple Vulnerabilities (GLSA 202210-30)"},{"cve":"CVE-2022-2319","qid":"752337","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2375-1)"},{"cve":"CVE-2022-2319","qid":"752339","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2369-1)"},{"cve":"CVE-2022-2319","qid":"752343","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2373-1)"},{"cve":"CVE-2022-2319","qid":"752344","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2374-1)"},{"cve":"CVE-2022-2319","qid":"752345","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2370-1)"},{"cve":"CVE-2022-2319","qid":"752346","title":"SUSE Enterprise Linux Security Update for xorg-x11-server (SUSE-SU-2022:2371-1)"},{"cve":"CVE-2022-2319","qid":"940755","title":"AlmaLinux Security Update for xorg-x11-server and xorg-x11-server-Xwayland (ALSA-2022:7583)"},{"cve":"CVE-2022-2319","qid":"940806","title":"AlmaLinux Security Update for xorg-x11-server-Xwayland (ALSA-2022:8222)"},{"cve":"CVE-2022-2319","qid":"940807","title":"AlmaLinux Security Update for xorg-x11-server (ALSA-2022:8221)"},{"cve":"CVE-2022-2319","qid":"960185","title":"Rocky Linux Security Update for xorg-x11-server and xorg-x11-server-Xwayland (RLSA-2022:7583)"},{"cve":"CVE-2022-2319","qid":"960508","title":"Rocky Linux Security Update for xorg-x11-server-Xwayland (RLSA-2022:8222)"},{"cve":"CVE-2022-2319","qid":"960627","title":"Rocky Linux Security Update for xorg-x11-server (RLSA-2022:8221)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-2319","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-1320","cweId":"CWE-1320"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"xorg-x11-server","version":{"version_data":[{"version_affected":"=","version_value":"xorg-x11-server 21.1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938","refsource":"MISC","name":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938"},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939","refsource":"MISC","name":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939"},{"url":"https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html","refsource":"MISC","name":"https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html"},{"url":"https://security.gentoo.org/glsa/202210-30","refsource":"MISC","name":"https://security.gentoo.org/glsa/202210-30"},{"url":"https://security.netapp.com/advisory/ntap-20221104-0003/","refsource":"MISC","name":"https://security.netapp.com/advisory/ntap-20221104-0003/"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-964/","refsource":"MISC","name":"https://www.zerodayinitiative.com/advisories/ZDI-22-964/"}]}},"nvd":{"publishedDate":"2022-09-01 21:15:00","lastModifiedDate":"2023-02-12 22:15:00","problem_types":["CWE-1320"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:x.org:xorg-server:21.1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}