{"id":"CVE-2022-2320","details":"A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.","modified":"2026-04-16T04:39:14.419736364Z","published":"2022-09-01T21:15:09.443Z","related":["ALSA-2022:7583","ALSA-2022:8221","ALSA-2022:8222","SUSE-SU-2022:2369-1","SUSE-SU-2022:2370-1","SUSE-SU-2022:2371-1","SUSE-SU-2022:2372-1","SUSE-SU-2022:2373-1","SUSE-SU-2022:2374-1","SUSE-SU-2022:2375-1","openSUSE-SU-2024:12187-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-30"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221104-0003/"},{"type":"ADVISORY","url":"https://www.zerodayinitiative.com/advisories/ZDI-22-963/"},{"type":"FIX","url":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/938"},{"type":"FIX","url":"https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/939"},{"type":"FIX","url":"https://lists.freedesktop.org/archives/xorg-announce/2022-July/003192.html"},{"type":"FIX","url":"https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"21.1.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2320.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}