Lucene search

K

ROSA LABROSA-SA-2023-2153

HistoryApr 18, 2023 - 11:48 a.m.

Advisory ROSA-SA-2023-2153

2023-04-1811:48:32

ROSA LAB

abf.rosalinux.ru

15

rosasa-2023 xorg-x11-server use-after-free

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.9%

Software: xorg-x11-server 1.20.4
OS: rosa-server79

package_evr_string: 1.20.4-23

CVE-ID: CVE-2023-1393
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: Use-After-Free can result in elevated local privileges. If a client explicitly destroys a linker overlay window (also known as COW), Xserver will leave a dangling pointer to that window in the CompScreen structure, which will later trigger use-after-free.
CVE-STATUS: Fixed
CVE-REV: Run the yum update xorg-x11-server command to close it

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.9%

Related for ROSA-SA-2023-2153