Lucene search
RedhatCVE-2023-5380HistoryOct 25, 2023 - 8:15 p.m.
CVE-2023-5380
2023-10-2520:15:18
CWE-416
redhat
web.nvd.nist.gov
155
20
xorg-x11-server
use-after-free flaw
x server crash
multi-screen setup
nvd
cve-2023-5380
CVSS3
4.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
5
Confidence
High
EPSS
0
Percentile
16.7%
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
Affected configurations
Node
x.orgx_serverRange<21.1.9
ORx.orgxwaylandRange<23.2.2
Node
redhatenterprise_linuxMatch7.0
ORredhatenterprise_linuxMatch8.0
ORredhatenterprise_linuxMatch9.0
Node
fedoraprojectfedoraMatch37
ORfedoraprojectfedoraMatch38
ORfedoraprojectfedoraMatch39
Node
debiandebian_linuxMatch11.0
ORdebiandebian_linuxMatch12.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| x.org | x_server | * | cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* |
| x.org | xwayland | * | cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| fedoraproject | fedora | 37 | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
| fedoraproject | fedora | 38 | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
| fedoraproject | fedora | 39 | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| debian | debian_linux | 12.0 | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "tigervnc",
"defaultStatus": "affected",
"versions": [
{
"version": "0:1.8.0-26.el7_9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::computenode",
"cpe:/o:redhat:enterprise_linux:7::workstation",
"cpe:/o:redhat:enterprise_linux:7::client",
"cpe:/o:redhat:enterprise_linux:7::server"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "xorg-x11-server",
"defaultStatus": "affected",
"versions": [
{
"version": "0:1.20.11-22.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/a:redhat:enterprise_linux:8::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "tigervnc",
"defaultStatus": "affected",
"versions": [
{
"version": "0:1.13.1-8.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "xorg-x11-server",
"defaultStatus": "affected",
"versions": [
{
"version": "0:1.20.11-24.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "tigervnc",
"defaultStatus": "affected",
"versions": [
{
"version": "0:1.13.1-8.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "tigervnc",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "xorg-x11-server",
"defaultStatus": "unknown",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "xorg-x11-server",
"defaultStatus": "affected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "xorg-x11-server-Xwayland",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "xorg-x11-server-Xwayland",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
]
}
]References
access.redhat.com/errata/RHSA-2023:7428
access.redhat.com/errata/RHSA-2024:2169
access.redhat.com/errata/RHSA-2024:2298
access.redhat.com/errata/RHSA-2024:2995
access.redhat.com/errata/RHSA-2024:3067
access.redhat.com/security/cve/CVE-2023-5380
bugzilla.redhat.com/show_bug.cgi?id=2244736
lists.x.org/archives/xorg-announce/2023-October/003430.html
Social References
More
Related
redhatcve
redhatcve
CVE-2023-5380
2023-10-25 19:46:48
almalinux
almalinux
Moderate: tigervnc security update
2024-05-22 00:00:00
Important: tigervnc security update
2024-04-30 00:00:00
Moderate: xorg-x11-server security update
2024-05-22 00:00:00
osv
osv
Moderate: tigervnc security update
2024-05-22 00:00:00
CVE-2023-5380
2023-10-25 20:15:18
xorg-server, xwayland vulnerabilities
2023-10-25 16:57:28
redhat
redhat
(RHSA-2024:3067) Moderate: tigervnc security update
2024-05-22 06:35:30
(RHSA-2023:7428) Important: tigervnc security update
2023-11-21 14:52:48
(RHSA-2024:2298) Important: tigervnc security update
2024-04-30 06:15:18
zdi
zdi
veracode
veracode
Use After Free
2023-11-30 18:35:01
nvd
nvd
CVE-2023-5380
2023-10-25 20:15:18
nessus
nessus
RHEL 8 : tigervnc (RHSA-2024:3067)
2024-05-23 00:00:00
CentOS 8 : tigervnc (CESA-2024:3067)
2024-05-22 00:00:00
debiancve
debiancve
CVE-2023-5380
2023-10-25 20:15:18
cbl_mariner
cbl_mariner
ubuntucve
ubuntucve
CVE-2023-5380
2023-10-25 00:00:00
prion
prion
Design/Logic Flaw
2023-10-25 20:15:00
cvelist
cvelist
CVE-2023-5380 Xorg-x11-server: use-after-free bug in destroywindow
2023-10-25 19:46:59
oraclelinux
oraclelinux
tigervnc security update
2024-05-23 00:00:00
tigervnc security update
2023-11-22 00:00:00
tigervnc security update
2024-05-02 00:00:00
alpinelinux
alpinelinux
CVE-2023-5380
2023-10-25 20:15:18
ubuntu
ubuntu
X.Org X Server vulnerabilities
2023-10-25 00:00:00
X.Org X Server vulnerabilities
2023-10-31 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: xorg-x11-server-1.20.14-26.fc39
2023-11-03 19:06:15
[SECURITY] Fedora 39 Update: tigervnc-1.13.1-6.fc39
2023-11-17 01:38:57
[SECURITY] Fedora 38 Update: tigervnc-1.13.1-6.fc38
2023-11-13 01:29:19
amazon
amazon
Important: xorg-x11-server
2023-11-09 19:19:00
Important: xorg-x11-server
2023-11-10 17:32:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2325
2024-01-23 12:18:22
openvas
openvas
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1115)
2024-01-29 00:00:00
Fedora: Security Advisory for tigervnc (FEDORA-2023-4708733ccc)
2023-11-19 00:00:00
Ubuntu: Security Advisory (USN-6453-1)
2023-10-26 00:00:00
freebsd
freebsd
xorg-server -- Multiple vulnerabilities
2023-10-25 00:00:00
debian
debian
[SECURITY] [DLA 3631-1] xorg-server security update
2023-10-25 15:17:02
[SECURITY] [DSA 5534-1] xorg-server security update
2023-10-25 14:45:31
slackware
slackware
[slackware-security] xorg-server
2023-10-26 20:01:09
[slackware-security] tigervnc
2023-11-13 19:27:10
mageia
mageia
Updated tigervnc packages fix security vulnerabilities
2023-11-20 13:04:11
Updated x11-server packages fix security vulnerabilities
2023-11-07 02:08:32
redos
redos
ROS-20231114-02
2023-11-14 00:00:00
gentoo
gentoo
X.Org X Server, XWayland: Multiple Vulnerabilities
2024-01-31 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
CVSS3
4.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
5
Confidence
High
EPSS
0
Percentile
16.7%
Related for CVE-2023-5380