CVE-2022-46341

medium

Published 2023-05-09 · Modified 2023-05-12

CVSS v3

—

CVSS v2

—

VIR risk

5.5

Description

Moderate: xorg-x11-server-Xwayland security update

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-2249.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-2248.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-2805.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:2805

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-2806.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2165995

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2140701

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2140698

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:2806

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2023-2257.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2023-2830.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2151761

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2151760

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2151758

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2151757

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2151756

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2151755

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2023:2830

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-46341

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-46341.html

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2257

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2249

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2023:2248

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description xorg-x11-server: XIPassiveUngrab out-of-bounds access Red Hat statement Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity. CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 6…

Description

xorg-x11-server: XIPassiveUngrab out-of-bounds access

Red Hat statement

Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.

CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION	`tigervnc-0:1.1.0-25.el6_10.13`	RHSA-2025:12751	2025-08-04T00:00:00Z
Red Hat Enterprise Linux 7	`tigervnc-0:1.8.0-23.el7_9`	RHSA-2023:0045	2023-01-09T00:00:00Z
Red Hat Enterprise Linux 7	`xorg-x11-server-0:1.20.4-21.el7_9`	RHSA-2023:0046	2023-01-09T00:00:00Z
Red Hat Enterprise Linux 8	`xorg-x11-server-Xwayland-0:21.1.3-10.el8`	RHSA-2023:2805	2023-05-16T00:00:00Z
Red Hat Enterprise Linux 8	`xorg-x11-server-0:1.20.11-15.el8`	RHSA-2023:2806	2023-05-16T00:00:00Z
Red Hat Enterprise Linux 8	`tigervnc-0:1.12.0-15.el8_8`	RHSA-2023:2830	2023-05-16T00:00:00Z
Red Hat Enterprise Linux 9	`xorg-x11-server-0:1.20.11-17.el9`	RHSA-2023:2248	2023-05-09T00:00:00Z
Red Hat Enterprise Linux 9	`xorg-x11-server-Xwayland-0:21.1.3-7.el9`	RHSA-2023:2249	2023-05-09T00:00:00Z
Red Hat Enterprise Linux 9	`tigervnc-0:1.12.0-13.el9_2`	RHSA-2023:2257	2023-05-09T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`xorg-x11-server`	Out of support scope

Apply commands

bash fix

Apply RHSA-2025:12751 for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION

yum update -y tigervnc
# or:
dnf upgrade -y tigervnc

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
sles		affected
debian	bookworm	fixed	`2:21.1.5-1`
debian	bullseye	fixed	`2:1.20.11-1+deb11u4`
debian	forky	fixed	`2:21.1.5-1`
debian	sid	fixed	`2:21.1.5-1`
debian	trixie	fixed	`2:21.1.5-1`

References

Verify integrity in audit chain (admin only). AS-IS.