Vulnerability CVE-2022-46343: Information

Description

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: Dec. 15, 2022
Modified: May 30, 2023
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
xorg-serversisyphus_e2k1.20.14-alt8.E2K.121.1.3-alt1.E2K.1ALT-PU-2023-3913-1-Fixed
xorg-serverp101.20.14-alt61.20.14-alt11ALT-PU-2022-3399-1311677Fixed
xorg-serverp10_e2k1.20.14-alt8.E2K.21.20.14-alt9.E2K.1ALT-PU-2023-6819-1-Fixed
xorg-serverp91.20.8-alt101.20.8-alt12ALT-PU-2023-7278-2334512Fixed
xorg-serverc10f11.20.14-alt61.20.14-alt9ALT-PU-2022-3399-1311677Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:x.org:x_server:1.20.4:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*