CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Percentile: 15.9%

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. (CVE-2023-1393)
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | tigervnc | < 1.11.0-4.3 | tigervnc-1.11.0-4.3.mga8 |
Mageia | 8 | noarch | x11-server | < 1.20.14-4.3 | x11-server-1.20.14-4.3.mga8 |
access.redhat.com/errata/RHSA-2023:1592
bugs.mageia.org/show_bug.cgi?id=31732
lists.fedoraproject.org/archives/list/[email protected]/thread/CB62PUAZRE2ZK6PDX6OZ2WSYXDJGBGTS/
lists.fedoraproject.org/archives/list/[email protected]/thread/SW2NRC3V53PIBXFPFBVWCOM2MDDILWQS/
lists.x.org/archives/xorg-announce/2023-March/003374.html
ubuntu.com/security/notices/USN-5986-1
www.debian.org/security/2023/dsa-5380