CVE-2022-46341
Description
A vulnerability was found in X.Org. The handler for the XIPassiveUngrab request accesses out-of-bounds memory when the request is invoked with a high keycode or button code. On systems where the X server runs privileged this can lead to local privilege escalation, and for SSH X forwarding sessions it can lead to remote code execution.
Mitigations
Mitigation details
Description
xorg-x11-server: XIPassiveUngrab out-of-bounds access
Red Hat statement
Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.
CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION | tigervnc-0:1.1.0-25.el6_10.13 | RHSA-2025:12751 | 2025-08-04 |
| Red Hat Enterprise Linux 7 | tigervnc-0:1.8.0-23.el7_9 | RHSA-2023:0045 | 2023-01-09 |
| Red Hat Enterprise Linux 7 | xorg-x11-server-0:1.20.4-21.el7_9 | RHSA-2023:0046 | 2023-01-09 |
| Red Hat Enterprise Linux 8 | xorg-x11-server-Xwayland-0:21.1.3-10.el8 | RHSA-2023:2805 | 2023-05-16 |
| Red Hat Enterprise Linux 8 | xorg-x11-server-0:1.20.11-15.el8 | RHSA-2023:2806 | 2023-05-16 |
| Red Hat Enterprise Linux 8 | tigervnc-0:1.12.0-15.el8_8 | RHSA-2023:2830 | 2023-05-16 |
| Red Hat Enterprise Linux 9 | xorg-x11-server-0:1.20.11-17.el9 | RHSA-2023:2248 | 2023-05-09 |
| Red Hat Enterprise Linux 9 | xorg-x11-server-Xwayland-0:21.1.3-7.el9 | RHSA-2023:2249 | 2023-05-09 |
| Red Hat Enterprise Linux 9 | tigervnc-0:1.12.0-13.el9_2 | RHSA-2023:2257 | 2023-05-09 |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | xorg-x11-server | Out of support scope |
Apply commands
```shell
# Updates the tigervnc package; the errata table above also lists fixed
# xorg-x11-server and xorg-x11-server-Xwayland builds for the same advisories.
yum update -y tigervnc
# or:
dnf upgrade -y tigervnc
```
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| not listed | Affected | not listed |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | tigervnc-server-1.12.0-13.el9_2.aarch64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2:21.1.5-1 |
| sid | Fixed | 2:21.1.5-1 |
| forky | Fixed | 2:21.1.5-1 |
| bullseye | Fixed | 2:1.20.11-1+deb11u4 |
| bookworm | Fixed | 2:21.1.5-1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | see errata table above |
| 8 | Fixed | see errata table above |
References
- https://access.redhat.com/errata/RHSA-2023:2248
- https://access.redhat.com/errata/RHSA-2023:2249
- https://access.redhat.com/errata/RHSA-2023:2257
- https://www.suse.com/security/cve/CVE-2022-46341.html
- https://security-tracker.debian.org/tracker/CVE-2022-46341
- https://access.redhat.com/errata/RHSA-2023:2830
- https://bugzilla.redhat.com/2151755
- https://bugzilla.redhat.com/2151756
- https://bugzilla.redhat.com/2151757
- https://bugzilla.redhat.com/2151758
- https://bugzilla.redhat.com/2151760
- https://bugzilla.redhat.com/2151761
- https://errata.almalinux.org/8/ALSA-2023-2830.html
- https://errata.almalinux.org/9/ALSA-2023-2257.html
- https://access.redhat.com/errata/RHSA-2023:2806
- https://bugzilla.redhat.com/2140698
- https://bugzilla.redhat.com/2140701
- https://bugzilla.redhat.com/2165995
- https://errata.almalinux.org/8/ALSA-2023-2806.html
- https://access.redhat.com/errata/RHSA-2023:2805
- https://errata.almalinux.org/8/ALSA-2023-2805.html
- https://errata.almalinux.org/9/ALSA-2023-2248.html
- https://errata.almalinux.org/9/ALSA-2023-2249.html