Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
CVE-2023-6478

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Vendor: CVE Published:; 13 December 2023

Summary

A notable flaw has been identified in the xorg-server component, where a crafted request to either RRChangeProviderProperty or RRChangeOutputProperty can lead to an integer overflow. This vulnerability has the potential to cause unintended disclosure of sensitive information, posing a risk to systems utilizing affected versions of xorg-server.

Affected Version(s)

Red Hat Enterprise Linux 7 0:1.8.0-28.el7_9

Red Hat Enterprise Linux 7 0:1.20.4-25.el7_9

Red Hat Enterprise Linux 8 0:1.13.1-2.el8_9.4

References

http://www.openwall.com/lists/oss-security/2023/12/13/1

https://access.redhat.com/errata/RHSA-2023:7886

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0006

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Dec 4, 2023

Credit

This issue was discovered by Peter Hutterer (Red Hat).