{
  "threat_severity" : "Important",
  "public_date" : "2020-08-25T00:00:00Z",
  "bugzilla" : {
    "description" : "xorg-x11-server: Out-of-bounds access in XkbSetNames function",
    "id" : "1862241",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1862241"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "A flaw was found in X.Org Server. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "statement" : "The Xorg server does not run with root privileges in Red Hat Enterprise Linux 8; therefore, this flaw has been rated as having moderate impact for Red Hat Enterprise Linux 8.",
  "acknowledgement" : "Red Hat would like to thank the X.org project for reporting this issue. Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-11-05T00:00:00Z",
    "advisory" : "RHSA-2020:4953",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "xorg-x11-server-0:1.17.4-18.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4910",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "xorg-x11-server-0:1.20.4-12.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "egl-wayland-0:1.1.5-3.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libdrm-0:2.4.103-1.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libglvnd-1:1.3.2-1.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libinput-0:1.16.3-1.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libwacom-0:1.6-2.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libX11-0:1.6.8-4.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "mesa-0:20.3.3-2.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "xorg-x11-drivers-0:7.7-30.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "xorg-x11-server-0:1.20.10-1.el8",
    "impact" : "moderate"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "xorg-x11-server",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "xorg-x11-server",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-14345\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14345\nhttps://lists.x.org/archives/xorg-announce/2020-August/003058.html" ],
  "name" : "CVE-2020-14345",
  "csaw" : false
}