DEBIAN-CVE-2022-46340

DEBIAN-CVE-2022-46340 PUBLISHED CVSS 8.800000190734863 HIGH

A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:14	xorg-server	0, 0, 0
Debian:12	xorg-server	0, 0, 0
Debian:13	xorg-server	0, 0, 0
Debian:13	xwayland	0, 0, 0
Debian:14	xwayland	0, 0, 0
Debian:12	xwayland	0, 0, 0
Debian:11	xorg-server	2:1.20.11-1+deb11u2, 2:1.20.11-1+deb11u3, 0

Timeline

Dec 14, 2022 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-46340 advisory

Open in Interactive Console →