CVE-2022-4283

CVSS V2 None CVSS V3 None
Description
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Overview
  • CVE ID
  • CVE-2022-4283
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-14T21:15:14
  • Last Modified Date
  • 2023-02-23T23:01:40
Weakness Enumerations
CWE URL
CWE-416 http://cwe.mitre.org/data/definitions/416.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:x.org:xorg-server:1.20.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://access.redhat.com/errata/RHSA-2023:0045
https://access.redhat.com/errata/RHSA-2023:0046
https://access.redhat.com/security/cve/CVE-2022-4283 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2151761 Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
https://www.debian.org/security/2022/dsa-5304
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-4283
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4283
History
Created Old Value New Value Data Type Notes
2022-12-14 22:14:54 Added to TrackCVE
2022-12-18 09:30:12 2022-12-14T21:15:14.980 2022-12-14T21:15:14 CVE Published Date updated
2022-12-18 09:30:12 2022-12-16T05:15:18 CVE Modified Date updated
2022-12-18 09:30:12 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-18 09:30:20 References updated
2022-12-19 03:15:35 2022-12-19T03:15:11 CVE Modified Date updated
2022-12-19 03:15:37 References updated
2022-12-19 15:14:59 2022-12-19T14:51:19 CVE Modified Date updated
2022-12-19 15:14:59 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-19 15:14:59 CWE-416 Weakness Enumeration new
2022-12-19 15:15:00 CPE Information updated
2022-12-21 07:02:28 2022-12-21T04:15:11 CVE Modified Date updated
2022-12-21 07:02:28 Analyzed Modified Vulnerability Status updated
2022-12-21 07:02:29 References updated
2022-12-22 20:15:31 Modified Undergoing Analysis Vulnerability Status updated
2022-12-26 04:16:12 2022-12-26T04:15:11 CVE Modified Date updated
2022-12-26 04:16:15 References updated
2022-12-27 01:15:32 2022-12-27T01:15:11 CVE Modified Date updated
2023-02-02 17:14:30 2023-02-02T16:19:32 CVE Modified Date updated
2023-02-02 17:14:30 A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. Description updated
2023-02-02 17:14:31 References updated
2023-02-12 22:19:18 2023-02-12T22:15:32 CVE Modified Date updated
2023-02-12 22:19:19 A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Description updated
2023-02-23 23:15:58 2023-02-23T23:01:40 CVE Modified Date updated
2023-02-23 23:15:58 Undergoing Analysis Analyzed Vulnerability Status updated