CVE-2023-5380

Name
CVE-2023-5380
Description
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2244736
MISC https://lists.x.org/archives/xorg-announce/2023-October/003430.html
MISC https://access.redhat.com/security/cve/CVE-2023-5380
MISC https://www.debian.org/security/2023/dsa-5534
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
https://access.redhat.com/errata/RHSA-2023:7428
secalert@redhat.com https://security.netapp.com/advisory/ntap-20231130-0004/
secalert@redhat.com https://security.gentoo.org/glsa/202401-30
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2169
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2298
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:2995
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:3067
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* xwayland >= None < 23.2.2
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* x_server >= None < 21.1.9

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xwayland edge-community 22.1.8-r0 psykose <alice@ayaya.dev> fixed
xwayland edge-community 22.1.6-r0 psykose <alice@ayaya.dev> fixed
xwayland edge-community 21.1.4-r0 None possibly vulnerable
xwayland edge-community 21.1.0-r4 None possibly vulnerable
xwayland 3.22-community 22.1.8-r0 None fixed
xwayland 3.22-community 22.1.6-r0 None fixed
xwayland 3.22-community 21.1.4-r0 None possibly vulnerable
xwayland 3.22-community 21.1.0-r4 None possibly vulnerable
xwayland 3.18-community 23.1.2-r1 psykose <alice@ayaya.dev> fixed
xwayland 3.18-community 23.1.2-r0 psykose <alice@ayaya.dev> fixed
xorg-server edge-community 21.1.9-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xorg-server 3.22-community 21.1.9-r0 None fixed
xorg-server 3.21-community 21.1.9-r0 None fixed
xorg-server 3.20-community 21.1.9-r0 None fixed
xorg-server 3.19-community 21.1.9-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xorg-server 3.18-community 21.1.9-r0 Natanael Copa <ncopa@alpinelinux.org> fixed