CVE-2022-46342
HIGHX.Org X Server - Use-After-Free in XvdiSelectVideoNotify Request Handler
Title source: llmDescription
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
References (7)
Core 7
Core References
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-46342
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2151757
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5304
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
Third Party Advisory
https://security.gentoo.org/glsa/202305-30
Scores
CVSS v3
8.8
EPSS
0.0013
EPSS Percentile
32.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (4)
debian/debian_linux
11.0
fedoraproject/fedora
36
fedoraproject/fedora
37
x.org/x_server
1.20.4
Published
Dec 14, 2022
Tracked Since
Feb 18, 2026