SB2022101844 - Multiple vulnerabilities in X.org Server
Published: October 18, 2022 Updated: February 7, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2022-3553)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the xquartz component in hw/xquartz/X11Controller.m. A local user can force the application to leak memory and perform denial of service attack.
2) Memory leak (CVE-ID: CVE-2022-3551)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the ProcXkbGetKbdByName() function in xkb/xkb.c. A local user can force the application to leak memory and perform denial of service attack.
3) Buffer overflow (CVE-ID: CVE-2022-3550)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the _GetCountedString() function in xkb/xkb.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://vuldb.com/?id.211053
- https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3
- https://vuldb.com/?id.211052
- https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2
- https://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e
- https://vuldb.com/?id.211051