Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty
CVE-2023-5367

7.8HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.1 Update Services For SAP Solutions
Red Hat Enterprise Linux 8.2 Advanced Update Support
Vendor
CVE Published:
25 October 2023

What is CVE-2023-5367?

A vulnerability exists in the Xorg-X11 Server that stems from an incorrect buffer offset calculation within the XIChangeDeviceProperty and RRChangeOutputProperty functions. This flaw can lead to out-of-bounds writes, which may enable attackers to escalate privileges or induce denial of service conditions. Addressing this issue is critical for maintaining the integrity and security of systems running affected versions of the Xorg-X11 Server.

Affected Version(s)

Red Hat Enterprise Linux 7 0:1.20.4-24.el7_9

Red Hat Enterprise Linux 7 0:1.8.0-26.el7_9

Red Hat Enterprise Linux 8 0:1.13.1-2.el8_9.1

References

https://access.redhat.com/errata/RHSA-2023:6802
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:6808
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7373
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.