Bug 2140701 (CVE-2022-3551)
Summary: | CVE-2022-3551 xorg-x11-server: memory leak in ProcXkbGetKbdByName() in xkb/xkb.c | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | Severity: | medium |
Priority: | medium | Version: | unspecified |
Hardware: | All | OS: | Linux |
CC: | adudiak, ajax, jwong, kaycoth, kshier, ofourdan | Keywords: | Security |
Last Closed: | 2022-12-07 08:15:59 UTC | Bug Blocks: | 2135594 |
Bug Depends On: | 2140702, 2140703, 2140770, 2140771, 2140772, 2140773, 2140774 | | |
Doc Text: | A flaw was found in the xorg-x11-server package. The ProcXkbGetKbdByName function in xkb/xkb.c does not release allocated data when an error is encountered, allowing for a memory leak. | | |
Description
Guilherme de Almeida Suckevicz
2022-11-07 16:52:10 UTC
Created xorg-x11-server tracking bugs for this issue:

Affects: fedora-all [bug 2140703]

Created xorg-x11-server-Xwayland tracking bugs for this issue:

Affects: fedora-all [bug 2140702]

It's a memory leak, not a security issue. Some data is not freed when an error is encountered, meaning that in the common case, there is no leak.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2022:8491 https://access.redhat.com/errata/RHSA-2022:8491

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3551

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2023:2248 https://access.redhat.com/errata/RHSA-2023:2248

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2023:2249 https://access.redhat.com/errata/RHSA-2023:2249

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2023:2805 https://access.redhat.com/errata/RHSA-2023:2805

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2023:2806 https://access.redhat.com/errata/RHSA-2023:2806