cvelist | Redhat | CVELIST:CVE-2023-0494
History: Mar 27, 2023 - 12:00 a.m.

CVE-2023-0494

2023-03-27 00:00:00
CWE-416
redhat
www.cve.org
x.org
vulnerability
dangling pointer
local privilege escalation
remote code execution
ssh x forwarding

AI Score: 8.2 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 52.4%)

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "xorg-x11-server",
    "versions": [
      {
        "version": "xorg-server 21.1.7",
        "status": "affected"
      }
    ]
  }
]