CVE-2022-46344 (GCVE-0-2022-46344)
Vulnerability from cvelistv5 – Published: 2022-12-14 00:00 – Updated: 2025-02-13 16:33
- out-of-bounds access
| Vendor | Product | Version |
|---|---|---|
| n/a | xorg-x11-server | Affected: xorg-x11-server-1.20.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
},
{
"name": "FEDORA-2022-c3a65f7c65",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"name": "FEDORA-2022-721a78b7e5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"name": "DSA-5304",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5304"
},
{
"name": "FEDORA-2022-dd3eb7e0a8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-30"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xorg-x11-server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "xorg-x11-server-1.20.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bounds access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T15:06:28.232Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
},
{
"name": "FEDORA-2022-c3a65f7c65",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"name": "FEDORA-2022-721a78b7e5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"name": "DSA-5304",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5304"
},
{
"name": "FEDORA-2022-dd3eb7e0a8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"url": "https://security.gentoo.org/glsa/202305-30"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-46344",
"datePublished": "2022-12-14T00:00:00.000Z",
"dateReserved": "2022-11-30T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:33:49.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-46344",
"date": "2026-05-20",
"epss": "0.00766",
"percentile": "0.73657"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:x.org:x_server:1.20.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57310355-409C-49E8-ACA1-A26AD5ECA739\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIChangeProperty tiene problemas de validaci\\u00f3n de longitud, lo que genera lecturas de memoria fuera de los l\\u00edmites y una posible divulgaci\\u00f3n de informaci\\u00f3n. Este problema puede provocar una elevaci\\u00f3n de privilegios locales en sistemas donde el servidor X ejecuta c\\u00f3digo privilegiado y remoto para sesiones de reenv\\u00edo ssh X.\"}]",
"id": "CVE-2022-46344",
"lastModified": "2024-11-21T07:30:25.630",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2022-12-14T21:15:13.600",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/13/1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-46344\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2151760\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-30\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5304\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/13/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-46344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2151760\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/\", 
\"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202305-30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5304\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-46344\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-12-14T21:15:13.600\",\"lastModified\":\"2024-11-21T07:30:25.630\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIChangeProperty tiene problemas de validaci\u00f3n de longitud, lo que genera lecturas de memoria fuera de los l\u00edmites y una posible divulgaci\u00f3n de informaci\u00f3n. Este problema puede provocar una elevaci\u00f3n de privilegios locales en sistemas donde el servidor X ejecuta c\u00f3digo privilegiado y remoto para sesiones de reenv\u00edo ssh 
X.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:x.org:x_server:1.20.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57310355-409C-49E8-ACA1-A26AD5ECA739\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\
"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/13/1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-46344\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2151760\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-30\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5304\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/13/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-46344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2151760\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5304\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
alsa-2023:2248
Vulnerability from osv_almalinux
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
- xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)
- xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
- xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
- xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
- xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
- xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
- xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)
- xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "xorg-x11-server-Xdmx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-17.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "xorg-x11-server-Xephyr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-17.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "xorg-x11-server-Xnest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-17.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "xorg-x11-server-Xorg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-17.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "xorg-x11-server-Xvfb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-17.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "xorg-x11-server-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-17.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "xorg-x11-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-17.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "xorg-x11-server-source"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-17.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nSecurity Fix(es):\n\n* xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)\n* xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)\n* xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)\n* xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)\n* xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)\n* xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)\n* xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)\n* xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)\n* xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:2248",
"modified": "2023-05-12T12:19:10Z",
"published": "2023-05-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2248"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3550"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3551"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4283"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46340"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46341"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46342"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46343"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0494"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140698"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140701"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151755"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151756"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151757"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151758"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151760"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151761"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2165995"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-2248.html"
}
],
"related": [
"CVE-2022-3550",
"CVE-2022-4283",
"CVE-2022-46340",
"CVE-2022-46341",
"CVE-2022-46342",
"CVE-2022-46343",
"CVE-2022-46344",
"CVE-2023-0494",
"CVE-2022-3551"
],
"summary": "Moderate: xorg-x11-server security and bug fix update"
}
alsa-2023:2249
Vulnerability from osv_almalinux
Xwayland is an X server for running X clients under Wayland.
Security Fix(es):
- xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)
- xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
- xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
- xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
- xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
- xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
- xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)
- xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "xorg-x11-server-Xwayland"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "21.1.3-7.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Xwayland is an X server for running X clients under Wayland.\n\nSecurity Fix(es):\n\n* xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)\n* xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)\n* xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)\n* xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)\n* xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)\n* xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)\n* xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)\n* xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)\n* xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:2249",
"modified": "2023-05-12T13:16:39Z",
"published": "2023-05-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2249"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3550"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3551"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4283"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46340"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46341"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46342"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46343"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0494"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140698"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140701"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151755"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151756"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151757"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151758"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151760"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151761"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2165995"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-2249.html"
}
],
"related": [
"CVE-2022-3550",
"CVE-2022-4283",
"CVE-2022-46340",
"CVE-2022-46341",
"CVE-2022-46342",
"CVE-2022-46343",
"CVE-2022-46344",
"CVE-2023-0494",
"CVE-2022-3551"
],
"summary": "Moderate: xorg-x11-server-Xwayland security update"
}
alsa-2023:2257
Vulnerability from osv_almalinux
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
- xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
- xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
- xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
- xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
- xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tigervnc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-13.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tigervnc-icons"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-13.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tigervnc-license"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-13.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tigervnc-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-13.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tigervnc-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-13.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tigervnc-server-minimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-13.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "tigervnc-server-module"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-13.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.\n\nSecurity Fix(es):\n\n* xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)\n* xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)\n* xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)\n* xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)\n* xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)\n* xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:2257",
"modified": "2023-05-12T09:08:26Z",
"published": "2023-05-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2257"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4283"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46340"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46341"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46342"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46343"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151755"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151756"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151757"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151758"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151760"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151761"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-2257.html"
}
],
"related": [
"CVE-2022-4283",
"CVE-2022-46340",
"CVE-2022-46341",
"CVE-2022-46342",
"CVE-2022-46343",
"CVE-2022-46344"
],
"summary": "Moderate: tigervnc security and bug fix update"
}
alsa-2023:2805
Vulnerability from osv_almalinux
Xwayland is an X server for running X clients under Wayland.
Security Fix(es):
- xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)
- xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
- xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
- xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
- xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
- xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
- xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)
- xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xorg-x11-server-Xwayland"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "21.1.3-10.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Xwayland is an X server for running X clients under Wayland.\n\nSecurity Fix(es):\n\n* xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)\n* xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)\n* xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)\n* xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)\n* xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)\n* xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)\n* xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)\n* xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)\n* xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:2805",
"modified": "2023-05-20T19:22:38Z",
"published": "2023-05-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2805"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3550"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3551"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4283"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46340"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46341"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46342"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46343"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0494"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140698"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140701"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151755"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151756"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151757"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151758"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151760"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151761"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2165995"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-2805.html"
}
],
"related": [
"CVE-2022-3550",
"CVE-2022-4283",
"CVE-2022-46340",
"CVE-2022-46341",
"CVE-2022-46342",
"CVE-2022-46343",
"CVE-2022-46344",
"CVE-2023-0494",
"CVE-2022-3551"
],
"summary": "Moderate: xorg-x11-server-Xwayland security update"
}
alsa-2023:2806
Vulnerability from osv_almalinux
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
- xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)
- xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
- xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
- xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
- xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
- xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
- xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)
- xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xorg-x11-server-Xdmx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xorg-x11-server-Xephyr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xorg-x11-server-Xnest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xorg-x11-server-Xorg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xorg-x11-server-Xvfb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xorg-x11-server-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xorg-x11-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "xorg-x11-server-source"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.11-15.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nSecurity Fix(es):\n\n* xorg-x11-server: buffer overflow in _GetCountedString() in xkb/xkb.c (CVE-2022-3550)\n* xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)\n* xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)\n* xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)\n* xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)\n* xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)\n* xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)\n* xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)\n* xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c (CVE-2022-3551)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:2806",
"modified": "2023-05-19T22:06:20Z",
"published": "2023-05-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2806"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3550"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3551"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4283"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46340"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46341"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46342"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46343"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0494"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140698"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140701"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151755"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151756"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151757"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151758"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151760"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151761"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2165995"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-2806.html"
}
],
"related": [
"CVE-2022-3550",
"CVE-2022-4283",
"CVE-2022-46340",
"CVE-2022-46341",
"CVE-2022-46342",
"CVE-2022-46343",
"CVE-2022-46344",
"CVE-2023-0494",
"CVE-2022-3551"
],
"summary": "Moderate: xorg-x11-server security and bug fix update"
}
alsa-2023:2830
Vulnerability from osv_almalinux
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
- xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
- xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
- xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
- xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
- xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tigervnc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-15.el8_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tigervnc-icons"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-15.el8_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tigervnc-license"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-15.el8_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tigervnc-selinux"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-15.el8_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tigervnc-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-15.el8_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tigervnc-server-minimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-15.el8_8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "tigervnc-server-module"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.0-15.el8_8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.\n\nSecurity Fix(es):\n\n* xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)\n* xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)\n* xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)\n* xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)\n* xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)\n* xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:2830",
"modified": "2023-05-19T22:12:06Z",
"published": "2023-05-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2830"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-4283"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46340"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46341"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46342"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46343"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151755"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151756"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151757"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151758"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151760"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2151761"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-2830.html"
}
],
"related": [
"CVE-2022-4283",
"CVE-2022-46340",
"CVE-2022-46341",
"CVE-2022-46342",
"CVE-2022-46343",
"CVE-2022-46344"
],
"summary": "Moderate: tigervnc security and bug fix update"
}
FKIE_CVE-2022-46344
Vulnerability from fkie_nvd - Published: 2022-12-14 21:15 - Updated: 2024-11-21 07:30
| Source | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2023/12/13/1 | ||
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-46344 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2151760 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/ | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/ | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/ | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202305-30 | ||
| secalert@redhat.com | https://www.debian.org/security/2022/dsa-5304 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/12/13/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-46344 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2151760 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-30 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5304 | Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| x.org | x_server | 1.20.4 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:x_server:1.20.4:*:*:*:*:*:*:*",
"matchCriteriaId": "57310355-409C-49E8-ACA1-A26AD5ECA739",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIChangeProperty tiene problemas de validaci\u00f3n de longitud, lo que genera lecturas de memoria fuera de los l\u00edmites y una posible divulgaci\u00f3n de informaci\u00f3n. Este problema puede provocar una elevaci\u00f3n de privilegios locales en sistemas donde el servidor X se ejecuta con privilegios y la ejecuci\u00f3n remota de c\u00f3digo en sesiones de reenv\u00edo de X por ssh."
}
],
"id": "CVE-2022-46344",
"lastModified": "2024-11-21T07:30:25.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T21:15:13.600",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202305-30"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5304"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JJF8-5XJQ-FQ8J
Vulnerability from github – Published: 2022-12-14 21:30 – Updated: 2022-12-19 21:30
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
{
"affected": [],
"aliases": [
"CVE-2022-46344"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-14T21:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
"id": "GHSA-jjf8-5xjq-fq8j",
"modified": "2022-12-19T21:30:27Z",
"published": "2022-12-14T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46344"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:0045"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:0046"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-30"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5304"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-46344
Vulnerability from gsd - Updated: 2023-12-13 01:19
{
"GSD": {
"alias": "CVE-2022-46344",
"id": "GSD-2022-46344",
"references": [
"https://www.debian.org/security/2022/dsa-5304",
"https://access.redhat.com/errata/RHSA-2023:0045",
"https://access.redhat.com/errata/RHSA-2023:0046",
"https://www.suse.com/security/cve/CVE-2022-46344.html",
"https://ubuntu.com/security/CVE-2022-46344",
"https://alas.aws.amazon.com/cve/html/CVE-2022-46344.html",
"https://advisories.mageia.org/CVE-2022-46344.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-46344"
],
"details": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
"id": "GSD-2022-46344",
"modified": "2023-12-13T01:19:37.820291Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-46344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xorg-x11-server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "xorg-x11-server-1.20.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/security/cve/CVE-2022-46344",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"name": "https://www.debian.org/security/2022/dsa-5304",
"refsource": "MISC",
"url": "https://www.debian.org/security/2022/dsa-5304"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"name": "https://security.gentoo.org/glsa/202305-30",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202305-30"
},
{
"name": "http://www.openwall.com/lists/oss-security/2023/12/13/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:x_server:1.20.4:*:*:*:*:*:*:*",
"matchCriteriaId": "57310355-409C-49E8-ACA1-A26AD5ECA739",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIChangeProperty tiene problemas de validaci\u00f3n de longitud, lo que genera lecturas de memoria fuera de los l\u00edmites y una posible divulgaci\u00f3n de informaci\u00f3n. Este problema puede provocar una elevaci\u00f3n de privilegios locales en sistemas donde el servidor X se ejecuta con privilegios y la ejecuci\u00f3n remota de c\u00f3digo en sesiones de reenv\u00edo de X por ssh."
}
],
"id": "CVE-2022-46344",
"lastModified": "2023-12-13T15:15:07.413",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T21:15:13.600",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2023/12/13/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-46344"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202305-30"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5304"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
OPENSUSE-SU-2024:12569-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12569-1.json | self |
| https://www.suse.com/security/cve/CVE-2022-4283/ | self |
| https://www.suse.com/security/cve/CVE-2022-46340/ | self |
| https://www.suse.com/security/cve/CVE-2022-46341/ | self |
| https://www.suse.com/security/cve/CVE-2022-46342/ | self |
| https://www.suse.com/security/cve/CVE-2022-46343/ | self |
| https://www.suse.com/security/cve/CVE-2022-46344/ | self |
| https://www.suse.com/security/cve/CVE-2022-4283 | external |
| https://bugzilla.suse.com/1206017 | external |
| https://bugzilla.suse.com/1208344 | external |
| https://bugzilla.suse.com/1208653 | external |
| https://www.suse.com/security/cve/CVE-2022-46340 | external |
| https://bugzilla.suse.com/1205874 | external |
| https://bugzilla.suse.com/1206822 | external |
| https://bugzilla.suse.com/1208344 | external |
| https://bugzilla.suse.com/1208653 | external |
| https://www.suse.com/security/cve/CVE-2022-46341 | external |
| https://bugzilla.suse.com/1205877 | external |
| https://bugzilla.suse.com/1208653 | external |
| https://www.suse.com/security/cve/CVE-2022-46342 | external |
| https://bugzilla.suse.com/1205879 | external |
| https://www.suse.com/security/cve/CVE-2022-46343 | external |
| https://bugzilla.suse.com/1205878 | external |
| https://www.suse.com/security/cve/CVE-2022-46344 | external |
| https://bugzilla.suse.com/1205876 | external |
| https://bugzilla.suse.com/1217766 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "xorg-x11-server-21.1.4-6.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the xorg-x11-server-21.1.4-6.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12569",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12569-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4283 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-46340 page",
"url": "https://www.suse.com/security/cve/CVE-2022-46340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-46341 page",
"url": "https://www.suse.com/security/cve/CVE-2022-46341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-46342 page",
"url": "https://www.suse.com/security/cve/CVE-2022-46342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-46343 page",
"url": "https://www.suse.com/security/cve/CVE-2022-46343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-46344 page",
"url": "https://www.suse.com/security/cve/CVE-2022-46344/"
}
],
"title": "xorg-x11-server-21.1.4-6.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12569-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-21.1.4-6.1.aarch64",
"product": {
"name": "xorg-x11-server-21.1.4-6.1.aarch64",
"product_id": "xorg-x11-server-21.1.4-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"product": {
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"product_id": "xorg-x11-server-Xvfb-21.1.4-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-21.1.4-6.1.aarch64",
"product": {
"name": "xorg-x11-server-extra-21.1.4-6.1.aarch64",
"product_id": "xorg-x11-server-extra-21.1.4-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"product": {
"name": "xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"product_id": "xorg-x11-server-sdk-21.1.4-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-source-21.1.4-6.1.aarch64",
"product": {
"name": "xorg-x11-server-source-21.1.4-6.1.aarch64",
"product_id": "xorg-x11-server-source-21.1.4-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"product": {
"name": "xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"product_id": "xorg-x11-server-wrapper-21.1.4-6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-21.1.4-6.1.ppc64le",
"product": {
"name": "xorg-x11-server-21.1.4-6.1.ppc64le",
"product_id": "xorg-x11-server-21.1.4-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"product": {
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"product_id": "xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"product": {
"name": "xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"product_id": "xorg-x11-server-extra-21.1.4-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"product": {
"name": "xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"product_id": "xorg-x11-server-sdk-21.1.4-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-source-21.1.4-6.1.ppc64le",
"product": {
"name": "xorg-x11-server-source-21.1.4-6.1.ppc64le",
"product_id": "xorg-x11-server-source-21.1.4-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"product": {
"name": "xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"product_id": "xorg-x11-server-wrapper-21.1.4-6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-21.1.4-6.1.s390x",
"product": {
"name": "xorg-x11-server-21.1.4-6.1.s390x",
"product_id": "xorg-x11-server-21.1.4-6.1.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"product": {
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"product_id": "xorg-x11-server-Xvfb-21.1.4-6.1.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-21.1.4-6.1.s390x",
"product": {
"name": "xorg-x11-server-extra-21.1.4-6.1.s390x",
"product_id": "xorg-x11-server-extra-21.1.4-6.1.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-sdk-21.1.4-6.1.s390x",
"product": {
"name": "xorg-x11-server-sdk-21.1.4-6.1.s390x",
"product_id": "xorg-x11-server-sdk-21.1.4-6.1.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-source-21.1.4-6.1.s390x",
"product": {
"name": "xorg-x11-server-source-21.1.4-6.1.s390x",
"product_id": "xorg-x11-server-source-21.1.4-6.1.s390x"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"product": {
"name": "xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"product_id": "xorg-x11-server-wrapper-21.1.4-6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xorg-x11-server-21.1.4-6.1.x86_64",
"product": {
"name": "xorg-x11-server-21.1.4-6.1.x86_64",
"product_id": "xorg-x11-server-21.1.4-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"product": {
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"product_id": "xorg-x11-server-Xvfb-21.1.4-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-extra-21.1.4-6.1.x86_64",
"product": {
"name": "xorg-x11-server-extra-21.1.4-6.1.x86_64",
"product_id": "xorg-x11-server-extra-21.1.4-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"product": {
"name": "xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"product_id": "xorg-x11-server-sdk-21.1.4-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-source-21.1.4-6.1.x86_64",
"product": {
"name": "xorg-x11-server-source-21.1.4-6.1.x86_64",
"product_id": "xorg-x11-server-source-21.1.4-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "xorg-x11-server-wrapper-21.1.4-6.1.x86_64",
"product": {
"name": "xorg-x11-server-wrapper-21.1.4-6.1.x86_64",
"product_id": "xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-21.1.4-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64"
},
"product_reference": "xorg-x11-server-21.1.4-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-21.1.4-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le"
},
"product_reference": "xorg-x11-server-21.1.4-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-21.1.4-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x"
},
"product_reference": "xorg-x11-server-21.1.4-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-21.1.4-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64"
},
"product_reference": "xorg-x11-server-21.1.4-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64"
},
"product_reference": "xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le"
},
"product_reference": "xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x"
},
"product_reference": "xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-Xvfb-21.1.4-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64"
},
"product_reference": "xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-21.1.4-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64"
},
"product_reference": "xorg-x11-server-extra-21.1.4-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-21.1.4-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le"
},
"product_reference": "xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-21.1.4-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x"
},
"product_reference": "xorg-x11-server-extra-21.1.4-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-extra-21.1.4-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64"
},
"product_reference": "xorg-x11-server-extra-21.1.4-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-21.1.4-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64"
},
"product_reference": "xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-21.1.4-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le"
},
"product_reference": "xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-21.1.4-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x"
},
"product_reference": "xorg-x11-server-sdk-21.1.4-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-sdk-21.1.4-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64"
},
"product_reference": "xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-source-21.1.4-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64"
},
"product_reference": "xorg-x11-server-source-21.1.4-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-source-21.1.4-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le"
},
"product_reference": "xorg-x11-server-source-21.1.4-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-source-21.1.4-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x"
},
"product_reference": "xorg-x11-server-source-21.1.4-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-source-21.1.4-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64"
},
"product_reference": "xorg-x11-server-source-21.1.4-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-wrapper-21.1.4-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64"
},
"product_reference": "xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-wrapper-21.1.4-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le"
},
"product_reference": "xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-wrapper-21.1.4-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x"
},
"product_reference": "xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xorg-x11-server-wrapper-21.1.4-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
},
"product_reference": "xorg-x11-server-wrapper-21.1.4-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-4283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4283"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4283",
"url": "https://www.suse.com/security/cve/CVE-2022-4283"
},
{
"category": "external",
"summary": "SUSE Bug 1206017 for CVE-2022-4283",
"url": "https://bugzilla.suse.com/1206017"
},
{
"category": "external",
"summary": "SUSE Bug 1208344 for CVE-2022-4283",
"url": "https://bugzilla.suse.com/1208344"
},
{
"category": "external",
"summary": "SUSE Bug 1208653 for CVE-2022-4283",
"url": "https://bugzilla.suse.com/1208653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-4283"
},
{
"cve": "CVE-2022-46340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-46340"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-46340",
"url": "https://www.suse.com/security/cve/CVE-2022-46340"
},
{
"category": "external",
"summary": "SUSE Bug 1205874 for CVE-2022-46340",
"url": "https://bugzilla.suse.com/1205874"
},
{
"category": "external",
"summary": "SUSE Bug 1206822 for CVE-2022-46340",
"url": "https://bugzilla.suse.com/1206822"
},
{
"category": "external",
"summary": "SUSE Bug 1208344 for CVE-2022-46340",
"url": "https://bugzilla.suse.com/1208344"
},
{
"category": "external",
"summary": "SUSE Bug 1208653 for CVE-2022-46340",
"url": "https://bugzilla.suse.com/1208653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-46340"
},
{
"cve": "CVE-2022-46341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-46341"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-46341",
"url": "https://www.suse.com/security/cve/CVE-2022-46341"
},
{
"category": "external",
"summary": "SUSE Bug 1205877 for CVE-2022-46341",
"url": "https://bugzilla.suse.com/1205877"
},
{
"category": "external",
"summary": "SUSE Bug 1208653 for CVE-2022-46341",
"url": "https://bugzilla.suse.com/1208653"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-46341"
},
{
"cve": "CVE-2022-46342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-46342"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-46342",
"url": "https://www.suse.com/security/cve/CVE-2022-46342"
},
{
"category": "external",
"summary": "SUSE Bug 1205879 for CVE-2022-46342",
"url": "https://bugzilla.suse.com/1205879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-46342"
},
{
"cve": "CVE-2022-46343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-46343"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-46343",
"url": "https://www.suse.com/security/cve/CVE-2022-46343"
},
{
"category": "external",
"summary": "SUSE Bug 1205878 for CVE-2022-46343",
"url": "https://bugzilla.suse.com/1205878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-46343"
},
{
"cve": "CVE-2022-46344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-46344"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-46344",
"url": "https://www.suse.com/security/cve/CVE-2022-46344"
},
{
"category": "external",
"summary": "SUSE Bug 1205876 for CVE-2022-46344",
"url": "https://bugzilla.suse.com/1205876"
},
{
"category": "external",
"summary": "SUSE Bug 1217766 for CVE-2022-46344",
"url": "https://bugzilla.suse.com/1217766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-Xvfb-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-extra-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-sdk-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-source-21.1.4-6.1.x86_64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.aarch64",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.ppc64le",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.s390x",
"openSUSE Tumbleweed:xorg-x11-server-wrapper-21.1.4-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-46344"
}
]
}