CVE-2020-14347

Published: Aug 5, 2020Modified: Aug 29, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

Affected (7)

Products: X.org: X Server · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
X.org X Server	Before 1.20.9

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 20.04

Related CWEs

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References (20)

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html

Source: secalert@redhat.com

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html

Source: secalert@redhat.com

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.x.org/archives/xorg-announce/2020-July/003051.html

Source: secalert@redhat.com

Mailing ListPatchVendor Advisory

https://security.gentoo.org/glsa/202012-01

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4488-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4488-2/

Source: secalert@redhat.com

Third Party Advisory

https://www.debian.org/security/2020/dsa-4758

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2020/07/31/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00066.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00075.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14347

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00057.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.x.org/archives/xorg-announce/2020-July/003051.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://security.gentoo.org/glsa/202012-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4488-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4488-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2020/dsa-4758

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.openwall.com/lists/oss-security/2020/07/31/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.