A vulnerability classified as critical was found in X.org Server. It affects the function _GetCountedString in the file xkb/xkb.c. Manipulation of this function leads to a buffer overflow. The CWE definition for the vulnerability is CWE-120. The weakness was published on 10/17/2022. The advisory can be read at cgit.freedesktop.org.
This vulnerability is known as CVE-2022-3550. The attack can only be carried out within the local network. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment.
It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k.
The bugfix is ready for download at cgit.freedesktop.org. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.