CVE-2022-46342

NameCVE-2022-46342
DescriptionA vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3256-1, DSA-5304-1
Debian Bugs1026071

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xorg-server (PTS)bullseye2:1.20.11-1+deb11u13fixed
bullseye (security)2:1.20.11-1+deb11u14fixed
bookworm, bookworm (security)2:21.1.7-3+deb12u8fixed
trixie2:21.1.14-2fixed
sid2:21.1.15-2fixed
xwayland (PTS)bookworm2:22.1.9-1fixed
sid, trixie2:24.1.4-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xorg-serversourcebuster2:1.20.4-1+deb10u7DLA-3256-1
xorg-serversourcebullseye2:1.20.11-1+deb11u4DSA-5304-1
xorg-serversource(unstable)2:21.1.5-11026071
xwaylandsource(unstable)2:22.1.6-1

Notes

https://lists.x.org/archives/xorg-announce/2022-December/003302.html
https://gitlab.freedesktop.org/xorg/xserver/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b
Search for package or bug name: Reporting problems