CVE-2023-5574

Name
CVE-2023-5574
Description
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs only in a very specific, legacy Xvfb configuration: a multi-screen setup with multiple protocol screens, also known as Zaphod mode. If the pointer is warped from screen 1 to screen 0, a use-after-free may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
NVD Severity
unknown

References

Type | URI
MISC | https://bugzilla.redhat.com/show_bug.cgi?id=2244735
MISC | https://access.redhat.com/security/cve/CVE-2023-5574
MISC | https://lists.x.org/archives/xorg-announce/2023-October/003430.html
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20231130-0004/
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:2298

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* | xwayland | >= None | < 23.2.2
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* | x_server | >= None | < 21.1.9
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* | x_server | >= 1.13.0 | <= None

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
xorg-server | 3.18-community | 21.1.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed
xwayland | 3.18-community | 23.1.2-r1 | psykose <alice@ayaya.dev> | fixed