Corrective releases of X.Org Server 21.1.5 and xwayland 22.1.6 have been published. xwayland is the DDX (Device-Dependent X) component that launches X.Org Server to run X11 applications in Wayland-based environments. The new versions fix 6 vulnerabilities, which can potentially be exploited for privilege escalation on systems where the X server runs with root rights, and for remote code execution in configurations in which an X11 session is used for access over SSH.
- CVE-2022-46340: stack overflow when processing XTestSwapFakeInput requests that pass more than 32 bytes of data in the GenericEvent field.
- CVE-2022-46341: out-of-bounds buffer access when processing XIPassiveUngrab requests, triggered by large key or button values.
- CVE-2022-46342: use-after-free through manipulation of XvdiSelectVideoNotify.
- CVE-2022-46343: use-after-free through manipulation of ScreenSaverSetAttributes.
- CVE-2022-46344: out-of-bounds buffer access when processing XIChangeProperty requests with large parameters.
- CVE-2022-46283: use-after-free through manipulation of XkbGetKbdByName.