6.5

CVE-2022-3551

X.org Server xkb.c ProcXkbGetKbdByName memory leak

A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X.OrgX Server Version < 21.1.6
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
FedoraprojectFedora Version35
FedoraprojectFedora Version36
FedoraprojectFedora Version37
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.68% 0.739
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com 3.5 2.1 1.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://security.gentoo.org/glsa/202305-30
https://lists.debian.org/debian-lts-announce/2022/11/msg00012.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTPFVGYTOY4EWTJEBH3YGDTTU57FZAK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOEDFBYPSE3EMVHTEFCVEJD2R2Y5F2A5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXZZ6JBDBVBYPDI6DUTY6N36GNW37YHK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7W3NXSYK4P3XCZQBI3U6UWP4DPZIMRZ/
https://www.debian.org/security/2022/dsa-5278
Third Party Advisory
https://cgit.freedesktop.org/xorg/xserver/commit/?id=18f91b950e22c2a342a4fbc55e9ddf7534a707d2
Patch
Vendor Advisory
Mailing List
https://vuldb.com/?id.211052
Third Party Advisory
VDB Entry