First published: Thu Dec 08 2022(Updated: )
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
X.Org X Server | =1.20.4 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
Debian Debian Linux | =11.0 | |
debian/xorg-server | <=2:1.20.4-1+deb10u4 | 2:1.20.4-1+deb10u12 2:1.20.11-1+deb11u6 2:1.20.11-1+deb11u10 2:21.1.7-3+deb12u2 2:21.1.7-3+deb12u4 2:21.1.10-1 |
debian/xwayland | 2:22.1.9-1 2:23.2.3-1 | |
All of | ||
X.Org X Server | =1.20.4 | |
Any of | ||
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-46340 is a vulnerability in X.Org that occurs due to a stack corruption issue in the XTestFakeInput request of the XTest extension.
The severity of CVE-2022-46340 is high with a CVSS score of 8.8.
The affected software versions include xorg-server versions 2:1.20.4-1+deb10u9, 2:1.20.11-1+deb11u6, 2:21.1.7-3, and 2:21.1.8-1.
To fix CVE-2022-46340, update xorg-server to versions 2:1.20.4-1+deb10u9, 2:1.20.11-1+deb11u6, 2:21.1.7-3, or 2:21.1.8-1.
No, Redhat Enterprise Linux versions 6.0, 7.0, 8.0, and 9.0 are not vulnerable to CVE-2022-46340.