
Advisory ROSA-SA-2023-2126

Published: 2023-02-28 10:19:45
Source: ROSA LAB (abf.rosalinux.ru)
Type: advisory
Tags: tigervnc, rosa-server79, local privilege escalation, remote code execution, x.org vulnerability

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 51.9%

Software: tigervnc 1.8.0
OS: rosa-server79

package_evr_string: tigervnc-1.8.0-22

CVE-ID: CVE-2023-0494
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: A vulnerability has been discovered in X.Org. The issue is caused by a dangling pointer in DeepCopyPointerClasses that can be used by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read from and write to freed memory. This can lead to local privilege escalation on systems where the X server runs privileged, and to remote code execution for ssh X forwarding sessions.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the yum update command

OS    Version  Architecture  Package   Version  Filename
rosa  any      noarch        tigervnc  < 1.8.0  UNKNOWN
