The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
Metrics
Affected Vendors & Products
References
History
Fri, 29 Aug 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
X.org x Server
|
|
CPEs | cpe:2.3:a:x.org:xorg-server:1.16.1.901:*:*:*:*:*:*:* cpe:2.3:a:x.org:xorg-server:1.16.1:*:*:*:*:*:*:* cpe:2.3:a:x.org:xorg-server:1.16.2.901:*:*:*:*:*:*:* cpe:2.3:a:x.org:xorg-server:1.16.2:*:*:*:*:*:*:* cpe:2.3:a:x.org:xorg-server:1.16.3:*:*:*:*:*:*:* cpe:2.3:a:x.org:xorg-server:1.17.0:*:*:*:*:*:*:* |
cpe:2.3:a:x.org:x_server:1.16.0:*:*:*:*:*:*:* cpe:2.3:a:x.org:x_server:1.16.1.901:*:*:*:*:*:*:* cpe:2.3:a:x.org:x_server:1.16.1:*:*:*:*:*:*:* cpe:2.3:a:x.org:x_server:1.16.2.901:*:*:*:*:*:*:* cpe:2.3:a:x.org:x_server:1.16.2:*:*:*:*:*:*:* cpe:2.3:a:x.org:x_server:1.16.3:*:*:*:*:*:*:* cpe:2.3:a:x.org:x_server:1.17.0:*:*:*:*:*:*:* |
Vendors & Products |
X.org x Server
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T05:39:31.640Z
Reserved: 2015-04-10T00:00:00
Link: CVE-2015-3164

No data.

Status : Deferred
Published: 2015-07-01T14:59:07.267
Modified: 2025-08-29T13:42:30.557
Link: CVE-2015-3164


No data.