{
  "threat_severity" : "Important",
  "public_date" : "2020-08-25T00:00:00Z",
  "bugzilla" : {
    "description" : "xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability",
    "id" : "1869144",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1869144"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-191",
  "details" : [ "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "A flaw was found in X.Org Server. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "statement" : "Xorg server does not run with root  privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact for Red Hat Enterprise linux 8.",
  "acknowledgement" : "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-11-05T00:00:00Z",
    "advisory" : "RHSA-2020:4953",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "xorg-x11-server-0:1.17.4-18.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4910",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "xorg-x11-server-0:1.20.4-12.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "egl-wayland-0:1.1.5-3.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libdrm-0:2.4.103-1.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libglvnd-1:1.3.2-1.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libinput-0:1.16.3-1.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libwacom-0:1.6-2.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libX11-0:1.6.8-4.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "mesa-0:20.3.3-2.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "xorg-x11-drivers-0:7.7-30.el8",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1804",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "xorg-x11-server-0:1.20.10-1.el8",
    "impact" : "moderate"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "xorg-x11-server",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "xorg-x11-server",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-14362\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14362\nhttps://lists.x.org/archives/xorg-announce/2020-August/003058.html" ],
  "name" : "CVE-2020-14362",
  "csaw" : false
}