CVE-2018-14665
Find out more about CVE-2018-14665 from the MITRE CVE dictionary and NIST NVD.
Statement
This issue did not affect the versions of xorg-x11-server as shipped with Red Hat Enterprise Linux 5 and 6, as well as Red Hat Enterprise Linux 7 prior to 7.4, as they did not allow the use of vulnerable command line options when running with elevated privileges.
The default X server configuration in Red Hat Enterprise Linux only allows users logged in on the system's physical console to run the Xorg X server. Therefore, users who only have remote access to the system (for example, using SSH) cannot exploit this flaw.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 6.6 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Physical |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | xorg-x11-server | Affected |
| Red Hat Enterprise Linux 6 | xorg-x11-server | Not affected |
| Red Hat Enterprise Linux 5 | xorg-x11-server | Not affected |
