Lucene search
Ubuntu.comUB:CVE-2023-1393HistoryMar 29, 2023 - 12:00 a.m.
CVE-2023-1393
2023-03-2900:00:00
ubuntu.com
ubuntu.com
23
x.org server
overlay window
local privilege escalation
use-after-free
vulnerability
compositor
tigervnc
zdi-can-19866
ubuntu
debian
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
16.1%
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead
to local privilege escalation. If a client explicitly destroys the
compositor overlay window (aka COW), the Xserver would leave a dangling
pointer to that window in the CompScreen structure, which will trigger a
use-after-free later.
Bugs
- <https://bugs.launchpad.net/ubuntu/+source/tigervnc/+bug/2048442>
- <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051921>
Notes
| Author | Note |
|---|---|
| mdeslaur | xorg server is actually the xorg-server package the xorg package only contains docs xwayland package contains parts of xorg-server This is ZDI-CAN-19866 tigervnc needs a no-change rebuild once xorg-server is fixed |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | tigervnc | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | tigervnc | < 1.10.1+dfsg-3ubuntu0.20.04.1 | UNKNOWN |
| ubuntu | 22.04 | noarch | tigervnc | < 1.12.0+dfsg-4ubuntu0.22.04.1 | UNKNOWN |
| ubuntu | 23.04 | noarch | tigervnc | < 1.12.0+dfsg-8ubuntu0.23.04.1 | UNKNOWN |
| ubuntu | 23.10 | noarch | tigervnc | < 1.12.0+dfsg-8ubuntu0.23.10.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | xorg-server | < 2:1.19.6-1ubuntu4.15 | UNKNOWN |
| ubuntu | 20.04 | noarch | xorg-server | < 2:1.20.13-1ubuntu1~20.04.8 | UNKNOWN |
| ubuntu | 22.04 | noarch | xorg-server | < 2:21.1.3-2ubuntu2.9 | UNKNOWN |
| ubuntu | 22.10 | noarch | xorg-server | < 2:21.1.4-2ubuntu1.7 | UNKNOWN |
| ubuntu | 23.04 | noarch | xorg-server | < 2:21.1.7-1ubuntu3 | UNKNOWN |
Related
osv
osv
xorg-server - security update
2023-03-29 00:00:00
xorg-server, xorg-server-hwe-18.04, xwayland vulnerability
2023-03-29 18:12:56
CVE-2023-1393
2023-03-30 21:15:06
nessus
nessus
Fedora 37 : xorg-x11-server (2023-7d7c74b868)
2023-03-29 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xorg-x11-server (SUSE-SU-2023:1678-1)
2023-03-30 00:00:00
RHEL 9 : tigervnc (RHSA-2023:1592)
2023-04-05 00:00:00
redhat
redhat
(RHSA-2023:1551) Important: tigervnc security update
2023-04-04 06:28:11
(RHSA-2023:1594) Important: tigervnc and xorg-x11-server security update
2023-04-04 09:16:07
(RHSA-2023:1599) Important: tigervnc security update
2023-04-04 09:17:56
fedora
fedora
[SECURITY] Fedora 36 Update: xorg-x11-server-Xwayland-22.1.9-1.fc36
2023-04-14 01:31:42
[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-21.fc37
2023-03-30 01:22:57
[SECURITY] Fedora 37 Update: tigervnc-1.13.1-3.fc37
2023-04-03 01:36:10
redos
redos
ROS-20230419-03
2023-04-19 00:00:00
oraclelinux
oraclelinux
xorg-x11-server security and bug fix update
2023-11-17 00:00:00
tigervnc security update
2023-04-04 00:00:00
xorg-x11-server-Xwayland security, bug fix, and enhancement update
2023-11-11 00:00:00
openvas
openvas
Fedora: Security Advisory for xorg-x11-server (FEDORA-2023-7d7c74b868)
2023-03-31 00:00:00
Fedora: Security Advisory for tigervnc (FEDORA-2023-66d5af0278)
2023-04-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1677-1)
2023-03-30 00:00:00
mageia
mageia
Updated tigervnc/x11-server packages fix security vulnerability
2023-04-11 22:02:20
almalinux
almalinux
Moderate: xorg-x11-server security and bug fix update
2023-11-07 00:00:00
Important: tigervnc security update
2023-04-04 00:00:00
Important: tigervnc security update
2023-04-04 00:00:00
debiancve
debiancve
CVE-2023-1393
2023-03-30 21:15:06
veracode
veracode
Privilege Escalation
2023-04-05 21:05:12
freebsd
freebsd
xorg-server -- Overlay Window Use-After-Free
2023-03-29 00:00:00
zdi
zdi
prion
prion
Design/Logic Flaw
2023-03-30 21:15:00
cbl_mariner
cbl_mariner
redhatcve
redhatcve
CVE-2023-1393
2023-03-30 09:13:48
ubuntu
ubuntu
X.Org X Server vulnerability
2023-03-29 00:00:00
slackware
slackware
[slackware-security] xorg-server
2023-03-29 21:04:01
[slackware-security] tigervnc
2023-11-13 19:27:10
cve
cve
CVE-2023-1393
2023-03-30 21:15:06
debian
debian
[SECURITY] [DLA 3372-1] xorg-server security update
2023-03-29 14:32:35
[SECURITY] [DSA 5380-1] xorg-server security update
2023-03-29 12:59:00
cvelist
cvelist
CVE-2023-1393
2023-03-30 00:00:00
rocky
rocky
tigervnc security update
2023-04-06 15:24:04
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 2:1.20.14-alt8
2023-04-05 00:00:00
alpinelinux
alpinelinux
CVE-2023-1393
2023-03-30 21:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2154
2023-04-18 11:49:06
Advisory ROSA-SA-2023-2153
2023-04-18 11:48:32
nvd
nvd
CVE-2023-1393
2023-03-30 21:15:06
gentoo
gentoo
X.Org X server, XWayland: Multiple Vulnerabilities
2023-05-30 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
16.1%
Related for UB:CVE-2023-1393