摘要:
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
安全等级: Low
公告ID: KylinSec-SA-2025-2422
发布日期: 2025年5月30日
关联CVE: CVE-2022-46343
在 X.Org 中发现一个安全漏洞。该漏洞源于 ScreenSaverSetAttributes 请求的处理程序可能向已释放的内存写入数据。此问题可能导致以下风险:
本地权限提升:当 X 服务器以特权模式运行时,攻击者可利用此漏洞获取更高权限;
远程代码执行:针对启用了 SSH X 转发的会话,攻击者可能远程执行任意代码。
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-46343 | KY3.4-5A | xorg-x11-server-utils | Unaffected |
| CVE-2022-46343 | V6 | xorg-x11-server-utils | Unaffected |
