Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-uxsy-k3cg-mkdd
Vulnerability ID VCID-uxsy-k3cg-mkdd
Aliases CVE-2022-46343
Summary Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation or remote code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46343.json
cvssv3.1 8.8 https://access.redhat.com/security/cve/CVE-2022-46343
ssvc Track https://access.redhat.com/security/cve/CVE-2022-46343
epss 0.01109 https://api.first.org/data/v1/epss?cve=CVE-2022-46343
epss 0.01109 https://api.first.org/data/v1/epss?cve=CVE-2022-46343
epss 0.01109 https://api.first.org/data/v1/epss?cve=CVE-2022-46343
epss 0.01109 https://api.first.org/data/v1/epss?cve=CVE-2022-46343
epss 0.01109 https://api.first.org/data/v1/epss?cve=CVE-2022-46343
epss 0.01109 https://api.first.org/data/v1/epss?cve=CVE-2022-46343
epss 0.01109 https://api.first.org/data/v1/epss?cve=CVE-2022-46343
epss 0.01109 https://api.first.org/data/v1/epss?cve=CVE-2022-46343
cvssv3.1 8.8 https://bugzilla.redhat.com/show_bug.cgi?id=2151758
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2151758
cvssv3.1 4.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
cvssv3.1 8.8 https://security.gentoo.org/glsa/202305-30
ssvc Track https://security.gentoo.org/glsa/202305-30
cvssv3.1 8.8 https://www.debian.org/security/2022/dsa-5304
ssvc Track https://www.debian.org/security/2022/dsa-5304
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46343.json
https://api.first.org/data/v1/epss?cve=CVE-2022-46343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46340
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46344
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1026071 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026071
2151758 https://bugzilla.redhat.com/show_bug.cgi?id=2151758
5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
CVE-2022-46343 https://access.redhat.com/security/cve/CVE-2022-46343
dsa-5304 https://www.debian.org/security/2022/dsa-5304
DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
GLSA-202305-30 https://security.gentoo.org/glsa/202305-30
RHSA-2023:0045 https://access.redhat.com/errata/RHSA-2023:0045
RHSA-2023:0046 https://access.redhat.com/errata/RHSA-2023:0046
RHSA-2023:2248 https://access.redhat.com/errata/RHSA-2023:2248
RHSA-2023:2249 https://access.redhat.com/errata/RHSA-2023:2249
RHSA-2023:2257 https://access.redhat.com/errata/RHSA-2023:2257
RHSA-2023:2805 https://access.redhat.com/errata/RHSA-2023:2805
RHSA-2023:2806 https://access.redhat.com/errata/RHSA-2023:2806
RHSA-2023:2830 https://access.redhat.com/errata/RHSA-2023:2830
RHSA-2025:12751 https://access.redhat.com/errata/RHSA-2025:12751
USN-5778-1 https://usn.ubuntu.com/5778-1/
USN-5778-2 https://usn.ubuntu.com/5778-2/
Z67QC4C3I2FI2WRFIUPEHKC36J362MLA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46343.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2022-46343
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-22T15:13:50Z/ Found at https://access.redhat.com/security/cve/CVE-2022-46343
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2151758
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-22T15:13:50Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2151758
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-22T15:13:50Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-22T15:13:50Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-22T15:13:50Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202305-30
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-22T15:13:50Z/ Found at https://security.gentoo.org/glsa/202305-30
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5304
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-22T15:13:50Z/ Found at https://www.debian.org/security/2022/dsa-5304
Exploit Prediction Scoring System (EPSS)
Percentile 0.78083
EPSS Score 0.01109
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:27.075130+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202305-30 38.0.0