CVE-2022-46341
Published: 14 December 2022
Summary
CVE-2022-46341 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Redhat Enterprise Linux. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 22.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A vulnerability was found in X.Org where the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This flaw affects the X server component and is tracked under CWE-787. It carries a CVSS score of 8.8 and can result in local privilege elevation on systems where the X server runs with elevated privileges, as well as remote code execution in ssh X forwarding sessions.
An attacker with the ability to send crafted X requests, such as a local user on a privileged X server or a remote party in an ssh X forwarding scenario, can trigger the out-of-bounds access to achieve code execution or privilege escalation. The issue stems directly from insufficient bounds checking in the request handler.
Advisories from Red Hat and Fedora distributions reference the CVE and provide package updates to address the flaw, with notifications distributed through their respective security lists and bug trackers.
The EPSS score for this CVE rose materially from a low baseline to a peak of 0.3933 on 2025-01-22 before receding, indicating that exploitation interest emerged well after initial disclosure and that the issue warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-49157
Vulnerability details
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where…
more
the X server is running privileged and remote code execution for ssh X forwarding sessions.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.