Search CVE reports
1 – 10 of 132 results
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
XSYNC Use-after-free in miSyncTriggerFence(). When walking the list of fences to trigger, miSyncTriggerFence() may call TriggerFence() for the current trigger, which end up calling the function SyncAwaitTriggerFired()....
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
XKB Out-of-bounds Read in CheckSetGeom(). Each key alias entry contains two key names (the alias and the real key name). The code in CheckSetGeom() does its bounds checking using only the first name, allowing XkbAddGeomKeyAlias to...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xwayland | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 10 of 16
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 10 of 16
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 10 of 16
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition....
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| xwayland | Fixed | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Needs evaluation |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 17 of 18
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
7 affected packages
xorg-server, xwayland, xorg, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | Fixed | — | — |
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 17 of 18
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xorg | Not affected | Not affected | Not affected | Not affected | Not affected |
| xorg-server | Fixed | Fixed | Fixed | Fixed | Fixed |
| xwayland | Fixed | Fixed | Fixed | — | — |
| xorg-server-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-server-hwe-18.04 | Not in release | Not in release | Not in release | — | Fixed |
| xorg-hwe-16.04 | Not in release | Not in release | Not in release | — | — |
| xorg-hwe-18.04 | Not in release | Not in release | Not in release | — | Not affected |