First published: Thu Jul 30 2020
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
X.org Xorg-server | <1.20.9 | |
Canonical Ubuntu Linux | =14.04 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
X.Org Server | | |
redhat/xorg-x11-server | <1.20.9 | 1.20.9 |
ubuntu/xorg-server | <2:1.19.6-1ubuntu4.5 | 2:1.19.6-1ubuntu4.5 |
ubuntu/xorg-server | <2:1.20.8-2ubuntu2.3 | 2:1.20.8-2ubuntu2.3 |
ubuntu/xorg-server | <2:1.15.1-0ubuntu2.11+ | 2:1.15.1-0ubuntu2.11+ |
ubuntu/xorg-server | <1.20.9 | 1.20.9 |
ubuntu/xorg-server | <2:1.18.4-0ubuntu0.9 | 2:1.18.4-0ubuntu0.9 |
ubuntu/xorg-server-hwe-16.04 | <1.20.9 | 1.20.9 |
ubuntu/xorg-server-hwe-16.04 | <2:1.19.6-1ubuntu4.1~16.04.3 | 2:1.19.6-1ubuntu4.1~16.04.3 |
ubuntu/xorg-server-hwe-18.04 | <2:1.20.8-2ubuntu2.2~18.04.2 | 2:1.20.8-2ubuntu2.2~18.04.2 |
ubuntu/xorg-server-hwe-18.04 | <1.20.9 | 1.20.9 |
debian/xorg-server | 2:1.20.4-1+deb10u4 2:1.20.4-1+deb10u14 2:1.20.11-1+deb11u11 2:1.20.11-1+deb11u13 2:21.1.7-3+deb12u5 2:21.1.7-3+deb12u7 2:21.1.12-1 |
CVE-2020-14346 is a vulnerability that allows local attackers to escalate privileges on affected installations of X.Org Server.
CVE-2020-14346 has a severity value of 7.8, which is considered high.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2020-14346 affects X.Org Server versions up to and including 1.20.9.
You can find more information about CVE-2020-14346 on the MITRE CVE website, the X.Org Server announcement, and the Red Hat security advisory.