Xorg-x11-server: use-after-free bug in damagedestroy
CVE-2023-5574
Key Information:
- Vendor: Red Hat
- Status
- CVE Published: 25 October 2023
What is CVE-2023-5574?
A use-after-free vulnerability has been identified in the xorg-x11-server-Xvfb component. It is exposed chiefly in legacy multi-screen configurations, commonly referred to as Zaphod mode. The issue arises when a pointer is moved from one screen to another (from screen 1 to screen 0) during the shutdown or reset of the Xvfb server, and it can potentially lead to privilege escalation or a denial of service. System administrators using this server configuration should take urgent measures to mitigate the risks associated with this flaw.

Affected Version(s)
Red Hat Enterprise Linux 9 0:1.13.1-8.el9
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved