Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-46343

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Published

2022-12-14T21:15:13.543

Last Modified

2025-04-22T16:15:41.467

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-416
Type: Secondary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	x.org	x_server	1.20.4	Yes
Operating System	redhat	enterprise_linux	6.0	No
Operating System	redhat	enterprise_linux	7.0	No
Operating System	redhat	enterprise_linux	8.0	No
Operating System	redhat	enterprise_linux	9.0	No
Operating System	fedoraproject	fedora	36	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://access.redhat.com/security/cve/CVE-2022-46343 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2151758 Issue Tracking, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/ Mailing List, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202305-30 ([email protected])
https://www.debian.org/security/2022/dsa-5304 Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2022-46343 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2151758 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202305-30 (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5304 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)