What is the vulnerability ID?

The vulnerability ID is CVE-2022-46341.

What is the severity of CVE-2022-46341?

CVE-2022-46341 has a severity score of 8.8, which is considered high.

What is the affected software?

The affected software includes X.Org X Server version 1.20.4 and Debian/xorg-server versions 2:1.20.4-1+deb10u9, 2:1.20.11-1+deb11u6, 2:21.1.7-3, 2:21.1.8-1. Xwayland versions 2:22.1.9-1 and 2:23.2.1-1 are also affected.

How can this vulnerability be exploited?

This vulnerability can be exploited by invoking the handler for the XIPassiveUngrab request with a high keycode or button code, causing it to access out-of-bounds memory and potentially leading to local privileges elevation.

Is Redhat Enterprise Linux vulnerable to CVE-2022-46341?

No, Redhat Enterprise Linux versions 6.0, 7.0, 8.0, and 9.0 are not vulnerable to CVE-2022-46341.

Vulnerability/
CVE-2022-46341

high

8.8

CWE

787

8/12/2022

14/12/2022

30/5/2023

CVE-2022-46341

First published: Thu Dec 08 2022(Updated: )

CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab out-of-bounds access The handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
X.Org X Server	=1.20.4
Redhat Enterprise Linux	=6.0
Redhat Enterprise Linux	=7.0
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux	=9.0
Fedoraproject Fedora	=36
Fedoraproject Fedora	=37
Debian Debian Linux	=11.0
debian/xorg-server	<=2:1.20.4-1+deb10u4	2:1.20.4-1+deb10u12 2:1.20.11-1+deb11u6 2:1.20.11-1+deb11u10 2:21.1.7-3+deb12u2 2:21.1.7-3+deb12u4 2:21.1.10-1
debian/xwayland		2:22.1.9-1 2:23.2.3-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2022-46341.
What is the severity of CVE-2022-46341?
CVE-2022-46341 has a severity score of 8.8, which is considered high.
What is the affected software?
The affected software includes X.Org X Server version 1.20.4 and Debian/xorg-server versions 2:1.20.4-1+deb10u9, 2:1.20.11-1+deb11u6, 2:21.1.7-3, 2:21.1.8-1. Xwayland versions 2:22.1.9-1 and 2:23.2.1-1 are also affected.
How can this vulnerability be exploited?
This vulnerability can be exploited by invoking the handler for the XIPassiveUngrab request with a high keycode or button code, causing it to access out-of-bounds memory and potentially leading to local privileges elevation.
Is Redhat Enterprise Linux vulnerable to CVE-2022-46341?
No, Redhat Enterprise Linux versions 6.0, 7.0, 8.0, and 9.0 are not vulnerable to CVE-2022-46341.

collector/redhat-bugzilla
alias/CVE-2022-46341
collector/nvd-index
collector/security-tracker-debian
agent/severity
agent/references
agent/weakness
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/last-modified-date
vendor/x.org
canonical/x.org x server
version/x.org x server/1.20.4
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/6.0
version/redhat enterprise linux/7.0
version/redhat enterprise linux/8.0
version/redhat enterprise linux/9.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/36
version/fedoraproject fedora/37
vendor/debian
canonical/debian debian linux
version/debian debian linux/11.0
package-manager/debian