Xorg-x11-server: use-after-free bug in DamageDestroy
CVE-2023-5574

7 HIGH

Key Information:

Summary

A use-after-free vulnerability has been identified in the xorg-x11-server-Xvfb component. It is most likely to be triggered in legacy multi-screen configurations, commonly referred to as Zaphod mode. The issue arises when the pointer is moved from one screen to another (from screen 1 to screen 0) while the Xvfb server is shutting down or resetting, and it can potentially lead to privilege escalation or a denial of service. System administrators running this server configuration should take urgent measures to mitigate the risks associated with this flaw.

Affected Version(s)

xorg-server 21.1.9

References

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved