6.5 CVE-2022-3551

Patch

 

A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to a memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.
https://nvd.nist.gov/vuln/detail/CVE-2022-3551

Categories

CWE-404 : Improper Resource Shutdown or Release
When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

CWE-401 : Missing Release of Memory after Effective Lifetime
This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.

References

DEBIAN

DSA-5278 | Third Party Advisory

FEDORA

FEDORA-2022-64ad80875c | Mailing List, Third Party Advisory
FEDORA-2022-613e993500 | Mailing List, Third Party Advisory
FEDORA-2022-5495b36bed | Mailing List, Third Party Advisory
FEDORA-2022-9100b7aafd | Mailing List, Third Party Advisory

N/A Patch

N/A
Third Party Advisory VDB Entry
N/A
Mailing List Patch Vendor Advisory

_MLIST


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:x.org:x_server:-:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Patch

Url
N/A

Exploits

Exploit-db.com
id description date
No known exploits
Other (github, ...)
Url
No known exploits

CAPEC

id | description | severity
131 | Resource Leak Exposure | Medium
666 | BlueSmacking | Medium
125 | Flooding | Medium
130 | Excessive Allocation | Medium
494 | TCP Fragmentation |
495 | UDP Fragmentation |
496 | ICMP Fragmentation |
