CVE-2022-46343
HIGHX.Org X Server - Use-After-Free in ScreenSaverSetAttributes Request Handler
Title source: llmDescription
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
References (7)
Core 7
Core References
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-46343
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2151758
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5304
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
Third Party Advisory
https://security.gentoo.org/glsa/202305-30
Scores
CVSS v3
8.8
EPSS
0.0106
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (4)
debian/debian_linux
11.0
fedoraproject/fedora
36
fedoraproject/fedora
37
x.org/x_server
1.20.4
Published
Dec 14, 2022
Tracked Since
Feb 18, 2026