Cyber Resilience

CVE-2022-46341

High

Published: 14 December 2022

Modified: 22 April 2025
KEV Added
Patch
CVSS v3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0106 (78.0th percentile)
Risk priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-46341 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 22.0% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

A vulnerability was found in X.Org where the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This flaw affects the X server component and is tracked under CWE-787. It carries a CVSS score of 8.8 and can result in local privilege elevation on systems where the X server runs with elevated privileges, as well as remote code execution in ssh X forwarding sessions.

An attacker able to send crafted X requests, whether a local user on a system whose X server runs privileged or a remote party in an ssh X forwarding session, can trigger the out-of-bounds access to achieve code execution or privilege escalation. The issue stems directly from insufficient bounds checking of the keycode or button code in the request handler.

Advisories from Red Hat and Fedora distributions reference the CVE and provide package updates to address the flaw, with notifications distributed through their respective security lists and bug trackers.

The EPSS score for this CVE rose materially from a low baseline to a peak of 0.3933 on 2025-01-22 before receding, indicating that exploitation interest emerged well after initial disclosure and that the issue warrants renewed attention.

EU & UK References

Vulnerability details

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CWE(s)

CWE-787: Out-of-bounds Write

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor          Product        Version(s)
x.org           x server       1.20.4
fedoraproject   fedora         36, 37
debian          debian linux   11.0

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness type (CWE) cited in the NVD entry.

Addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References