Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2022-2320 CVE-2016-2848 |
CWE-ID | CWE-787 CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
openEuler Operating systems & Components / Operating system xorg-x11-server-Xwayland-devel Operating systems & Components / Operating system package or component xorg-x11-server-Xwayland-debugsource Operating systems & Components / Operating system package or component xorg-x11-server-Xwayland-debuginfo Operating systems & Components / Operating system package or component xorg-x11-server-Xwayland Operating systems & Components / Operating system package or component |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU65223
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2320
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the ProcXkbSetDeviceInfo request handler of the Xkb extension. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
xorg-x11-server-Xwayland-devel: before 22.1.2-6
xorg-x11-server-Xwayland-debugsource: before 22.1.2-6
xorg-x11-server-Xwayland-debuginfo: before 22.1.2-6
xorg-x11-server-Xwayland: before 22.1.2-6
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1817
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1043
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2848
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to perform DoS attack on the targete system.
The weakness is due to insuffcient handling of options data in an OPT resource record. By sending a specially crafted DNS packet, attackers can trigger the named service to crash.
Successful exploitation of the vulnerability leads to denial of service on the vulnarable system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP4
xorg-x11-server-Xwayland-devel: before 22.1.2-6
xorg-x11-server-Xwayland-debugsource: before 22.1.2-6
xorg-x11-server-Xwayland-debuginfo: before 22.1.2-6
xorg-x11-server-Xwayland: before 22.1.2-6
CPE2.3http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1817
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.