CVE-2022-46343
8.8 HIGH (CVSS 3.1), EPSS 1.1%
Description
A vulnerability was found in X.Org. The flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privilege elevation on systems where the X server is running privileged, and to remote code execution for SSH X forwarding sessions.
How to fix CVE-2022-46343
To remediate CVE-2022-46343, upgrade the affected package to one of the fixed versions listed below.
- Debian/xorg-server—upgrade to 2:1.20.11-1+deb11u4 or later
- —upgrade to 2:22.1.6-1 or later
Is CVE-2022-46343 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2:1.20.11-1+deb11u4
- from 0, < 2:22.1.6-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |