CVE-2020-14347
X.Org Server Pixel Data Uninitialized Memory Information Disclosure Vulnerability
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
A flaw was found in the way the Xserver memory was not properly initialized. This issue leaks parts of server memory to the X client. In cases where the Xorg server runs with elevated privileges, this flaw results in a possible ASLR bypass.
This vulnerability allows local attackers to disclose sensitive information on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the processing of pixel data. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of root.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2020-06-17 CVE Reserved
- 2020-08-04 CVE Published
- 2024-07-29 EPSS Updated
- 2024-08-04 CVE Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-665: Improper Initialization
CAPEC
References (12)
URL | Tag | Date |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html | Mailing List | |
https://www.openwall.com/lists/oss-security/2020/07/31/2 | Mailing List | |
https://lists.x.org/archives/xorg-announce/2020-July/003051.html | | 2023-11-07 |
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html | | 2023-11-07 |
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html | | 2023-11-07 |
https://security.gentoo.org/glsa/202012-01 | | 2023-11-07 |
https://usn.ubuntu.com/4488-1 | | 2023-11-07 |
https://usn.ubuntu.com/4488-2 | | 2023-11-07 |
https://www.debian.org/security/2020/dsa-4758 | | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2020-14347 | | 2021-05-18 |
https://bugzilla.redhat.com/show_bug.cgi?id=1862258 | | 2021-05-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
X.org | Xorg-server | < 1.20.9 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |
Canonical | Ubuntu Linux | 14.04 | esm | Affected |
Canonical | Ubuntu Linux | 16.04 | esm | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |
Canonical | Ubuntu Linux | 20.04 | lts | Affected |