DEBIAN-CVE-2022-46340

Source
https://security-tracker.debian.org/tracker/CVE-2022-46340
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-46340.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-46340
Upstream
Published
2022-12-14T21:15:13Z
Modified
2025-09-19T07:32:57.199473Z
Summary
[none]
Details

A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.

References

Affected packages

Debian:11

xorg-server

Package

Name
xorg-server
Purl
pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:1.20.11-1+deb11u4

Affected versions

2:1.*

2:1.20.11-1
2:1.20.11-1+deb11u1
2:1.20.11-1+deb11u2
2:1.20.11-1+deb11u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

xorg-server

Package

Name
xorg-server
Purl
pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:21.1.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

xwayland

Package

Name
xwayland
Purl
pkg:deb/debian/xwayland?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:22.1.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

xorg-server

Package

Name
xorg-server
Purl
pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:21.1.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

xwayland

Package

Name
xwayland
Purl
pkg:deb/debian/xwayland?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:22.1.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

xorg-server

Package

Name
xorg-server
Purl
pkg:deb/debian/xorg-server?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:21.1.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

xwayland

Package

Name
xwayland
Purl
pkg:deb/debian/xwayland?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:22.1.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}