Lucene search

K
nvd[email protected]NVD:CVE-2023-5574
HistoryOct 25, 2023 - 8:15 p.m.

CVE-2023-5574

2023-10-2520:15:18
CWE-416
web.nvd.nist.gov
10
x11
xvfb
use-after-free
privilege escalation
denial of service

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0

Percentile

15.9%

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

Affected configurations

Nvd
Node
x.orgx_serverRange1.13.0≥
Node
redhatenterprise_linuxMatch7.0
VendorProductVersionCPE
x.orgx_server*cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

High

EPSS

0

Percentile

15.9%