CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile: 16.7%

The X.Org project reports:

ZDI-CAN-22153/CVE-2023-5367: X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty

When prepending values to an existing property an invalid offset calculation causes the existing values to be appended at the wrong offset. The resulting memcpy() would write into memory outside the heap-allocated array.

ZDI-CAN-21608/CVE-2023-5380: Use-after-free bug in DestroyWindow

This vulnerability requires a legacy multi-screen setup with multiple protocol screens ("Zaphod"). If the pointer is warped from one screen to the root window of the other screen, the enter/leave code may retain a reference to the previous pointer window. Destroying this window leaves that reference in place, other windows may then trigger a use-after-free bug when they are destroyed.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | xorg-server | < 21.1.9,1 | UNKNOWN |
FreeBSD | any | noarch | xephyr | < 21.1.9,1 | UNKNOWN |
FreeBSD | any | noarch | xorg-vfbserver | < 21.1.9,1 | UNKNOWN |
FreeBSD | any | noarch | xorg-nestserver | < 21.1.9,2 | UNKNOWN |
FreeBSD | any | noarch | xwayland | < 23.2.2,1 | UNKNOWN |
FreeBSD | any | noarch | xwayland-devel | < 21.0.99.1.542 | UNKNOWN |
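
The offset error described for CVE-2023-5367, as an added example that is neither X.Org server code nor part of the advisory: a simplified C model of a property prepend in which every copy is bounds-checked against the allocation before memcpy() runs. All function and parameter names are hypothetical, and modeling the wrong offset as the old element count is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a property "prepend"; not X.Org server code.
 * Result layout: [new values][existing values]. Names are hypothetical. */

/* Copy `count` items to item index `at` only if the write stays inside an
 * array of `cap` items. Returns 0 on success, -1 if it would go out of
 * bounds. The comparison is written so it cannot wrap around. */
static int checked_put(uint8_t *dst, size_t cap, size_t at,
                       const uint8_t *src, size_t count, size_t item_size)
{
    if (at > cap || count > cap - at)
        return -1;                      /* would write past the allocation */
    memcpy(dst + at * item_size, src, count * item_size);
    return 0;
}

/* Prepend new_len items to old_len existing items. `old_at` is the item
 * index where the existing values are placed; the correct value is new_len.
 * Returns the new array (caller frees) or NULL on a bad offset or overflow. */
uint8_t *prepend(const uint8_t *old, size_t old_len,
                 const uint8_t *new_vals, size_t new_len,
                 size_t item_size, size_t old_at)
{
    if (item_size == 0 || new_len > SIZE_MAX - old_len)
        return NULL;                    /* element count would wrap */
    size_t total = old_len + new_len;
    if (total > SIZE_MAX / item_size)
        return NULL;                    /* byte size would wrap */
    uint8_t *out = calloc(total, item_size);
    if (out == NULL)
        return NULL;
    if (checked_put(out, total, 0, new_vals, new_len, item_size) != 0 ||
        checked_put(out, total, old_at, old, old_len, item_size) != 0) {
        free(out);                      /* reject instead of corrupting heap */
        return NULL;
    }
    return out;
}
```

With four existing items and two new ones, placing the existing values at item index 2 (the new count) fills the six-item array exactly, while index 4 (the old count) would end at item 8 and is rejected.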