First published: Thu Jul 30 2020
A flaw was found in xserver: memory was not properly initialized, which could leak parts of server memory to the X client. Where the Xorg server runs with elevated privileges, this could result in a possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/xorg-server | <=2:1.20.8-2, <=2:1.20.4-1 | 2:1.20.9-1, 2:1.20.4-1+deb10u1 |
X.org Xorg-server | <1.20.9 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
redhat/xorg-server | <1.20.9 | 1.20.9 |
IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
debian/xorg-server | | 2:1.20.11-1+deb11u13, 2:1.20.11-1+deb11u14, 2:21.1.7-3+deb12u8, 2:21.1.14-2, 2:21.1.15-2 |
CVE-2020-14347 is a vulnerability in X.Org Xserver that allows a local authenticated attacker to obtain sensitive information.
CVE-2020-14347 stems from a failure to initialize the memory in xserver pixmap data, which can leak sensitive information.
CVE-2020-14347 has a severity rating of high.
The affected software versions of CVE-2020-14347 are xorg-server-hwe-18.04 (2:1.20.8-2ubuntu2.2~18.04.2), xorg-server-hwe-18.04 (1.20.9), xorg-server (2:1.19.6-1ubuntu4.5), xorg-server (2:1.20.8-2ubuntu2.3), xorg-server (2:1.15.1-0ubuntu2.11+), xorg-server (2:1.18.4-0ubuntu0.9), xorg-server-hwe-16.04 (1.20.9), xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.3), xorg-server (1.20.9), xorg-server (2:1.20.9-1), and xorg-server (2:1.20.4-1+deb10u1).
To fix CVE-2020-14347, update to the latest version of the affected software packages: xorg-server-hwe-18.04 (2:1.20.8-2ubuntu2.2~18.04.2), xorg-server-hwe-18.04 (1.20.9), xorg-server (2:1.19.6-1ubuntu4.5), xorg-server (2:1.20.8-2ubuntu2.3), xorg-server (2:1.15.1-0ubuntu2.11+), xorg-server (2:1.18.4-0ubuntu0.9), xorg-server-hwe-16.04 (1.20.9), xorg-server-hwe-16.04 (2:1.19.6-1ubuntu4.1~16.04.3), xorg-server (1.20.9), xorg-server (2:1.20.9-1), and xorg-server (2:1.20.4-1+deb10u1).