Lucene search

K

ROSA LABROSA-SA-2023-2154

HistoryApr 18, 2023 - 11:49 a.m.

Advisory ROSA-SA-2023-2154

2023-04-1811:49:06

ROSA LAB

abf.rosalinux.ru

5

advisory

tigervnc

1.8.0

rosa-server79

cve-2023-1393

use-after-free

elevated privileges

xserver

dangling pointer

compscreen

yum update

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.9%

Software: tigervnc 1.8.0
OS: rosa-server79

package_evr_string: 1.8.0-25

CVE-ID: CVE-2023-1393
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC: Use-After-Free can result in elevated local privileges. If a client explicitly destroys a linker overlay window (also known as COW), Xserver will leave a dangling pointer to that window in the CompScreen structure, which will later trigger use-after-free.
CVE-STATUS: Fixed
CVE-REV: Run the yum update tigervnc command to close it

OSVersionArchitecturePackageVersionFilename
rosaanynoarchtigervnc< 1.8.0UNKNOWN

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.9%

Related for ROSA-SA-2023-2154