CVE-2020-25712
Published: 1 December 2020
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Priority
Medium
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
xorg Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| groovy |
Not vulnerable
(code not present)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
xorg-hwe-16.04 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
xorg-hwe-18.04 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
| xenial |
Does not exist
|
|
|
xorg-server Launchpad, Ubuntu, Debian |
bionic |
Released
(2:1.19.6-1ubuntu4.8)
|
| focal |
Released
(2:1.20.8-2ubuntu2.6)
|
|
| groovy |
Released
(2:1.20.9-2ubuntu1.1)
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(2:1.15.1-0ubuntu2.11+esm3)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2:1.18.4-0ubuntu0.11)
|
|
|
xorg-server-hwe-16.04 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2:1.19.6-1ubuntu4.1~16.04.5)
|
|
|
xorg-server-hwe-18.04 Launchpad, Ubuntu, Debian |
bionic |
Released
(2:1.20.8-2ubuntu2.2~18.04.4)
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
xorg-server-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
xorg-server-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
xorg-server-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
xorg-server-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
Notes
| Author | Note |
|---|---|
| mdeslaur | xorg server is actually the xorg-server package the xorg package only contains docs |
| amurray | ZDI-CAN-11839 |
| mdeslaur | cd5547444de39e3ebde1e8b88342fa8e0113040b |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25712
- https://www.openwall.com/lists/oss-security/2020/12/01/3
- https://ubuntu.com/security/notices/USN-4656-1
- https://ubuntu.com/security/notices/USN-4656-2
- NVD
- Launchpad
- Debian