Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

Written by Michael Larabel in X.Org on 12 July 2022 at 09:00 AM EDT. 83 Comments

X.ORG

Getting things started for this "Patch Tuesday" are the disclosure of two new X.Org Server vulnerabilities.

These issues affecting out-of-bounds accesses with the X.Org Server can lead to local privilege elevation on systems where the X.Org Server is running privileged and remote code execution for SSH X forwarding sessions.

CVE-2022-2319 and CVE-2022-2320 were made public this morning and both deal with the X.Org Server's Xkb keyboard extension not properly validating input that could lead to out-of-bounds memory writes. Hopefully though in 2022 you aren't relying on your xorg-server running as root.

Fixes for these XKB vulnerabilities have been patched in X.Org Server Git and xorg-server 21.1.4 point release is expected soon with these fixes. Both vulnerabilities were discovered by Trend Micro's Zero Day Initiative.

More details in today's X.Org Security Advisory.

Update: X.Org Server 21.1.4 is now available. In addition to these security fixes there is also a large number of XQuartz fixes from Apple, a GCC 12 build fix in the render code, a possible crash fix in the PRESENT code, and various other small fixes.

83 Comments

Related News

XDC 2023 To Provide Update On AMD HDR For The Steam Deck, Rusticl & Wine Wayland

XWayland 23.2 RC2 Restores An Optimization For Depth 24 Windows

Twitter's New "X" Logo Is Reminding Plenty Of People Around X.Org

XWayland 23.2 RC1 Brings Tearing Control, Resizable Rootful, Emulated Input

X.Org Foundation To Become Part Of The SFC

xf86-video-ati 22.0 Released For Older ATI/AMD GPUs

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

The Maintainer Of The NVIDIA Open-Source "Nouveau" Linux Kernel Driver Resigns

Valve Is A Wonderful Upstream Contributor To Linux & The Open-Source Community

GCC Preparing To Introduce "-fhardened" Security Hardening Option

Intel To Further Collaborate With Red Hat, Canonical & SUSE For Intel-Optimized Linux Distros

Ubuntu 23.04 & 22.04.3 Installs Haven't Been Following Their Own Security Best Practices

SteamOS 3.5 Rolls Out In Preview On The Steam Deck With Many New Features

ReactOS "Open-Source Windows" Shown Running On Valve's Steam Deck

Microsoft Releases A Big Update To Windows Subsystem For Linux, New Experimental Options