CVE-2022-2320
X.Org Server ProcXkbSetDeviceInfo Out-Of-Bounds Access Local Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.
Se ha encontrado un fallo en Xorg-x11-server. El fallo específico es producido en la administración de las peticiones ProcXkbSetDeviceInfo. El problema es debido a que no se comprueban apropiadamente los datos suministrados por el usuario, lo que puede resultar en un acceso a la memoria más allá del final de un búfer asignado. Este fallo permite a un atacante escalar privilegios y ejecutar código arbitrario en el contexto de root
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-05 CVE Reserved
- 2022-07-12 CVE Published
- 2024-04-22 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20221104-0003 | Third Party Advisory | |
https://www.zerodayinitiative.com/advisories/ZDI-22-963 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202210-30 | 2024-02-01 | |
https://access.redhat.com/security/cve/CVE-2022-2320 | 2022-11-15 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2106683 | 2022-11-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
X.org Search vendor "X.org" | Xorg-server Search vendor "X.org" for product "Xorg-server" | 21.1.0 Search vendor "X.org" for product "Xorg-server" and version "21.1.0" | - |
Affected
|