CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
16.7%
xorg-server is vulnerable to Use After Free. The vulnerability is caused when using X server in Zaphod mode (a multi-screen setup with multiple protocol screens) when the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. This can lead to server crash resulting in Denial Of Service (DOS).
access.redhat.com/errata/RHSA-2023:7428
access.redhat.com/errata/RHSA-2024:2169
access.redhat.com/errata/RHSA-2024:2298
access.redhat.com/errata/RHSA-2024:2995
access.redhat.com/errata/RHSA-2024:3067
access.redhat.com/security/cve/CVE-2023-5380
bugzilla.redhat.com/show_bug.cgi?id=2244736
lists.fedoraproject.org/archives/list/[email protected]/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
lists.fedoraproject.org/archives/list/[email protected]/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
lists.fedoraproject.org/archives/list/[email protected]/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
lists.fedoraproject.org/archives/list/[email protected]/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
lists.fedoraproject.org/archives/list/[email protected]/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
lists.fedoraproject.org/archives/list/[email protected]/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
lists.x.org/archives/xorg-announce/2023-October/003430.html
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.18/community.yaml
security.gentoo.org/glsa/202401-30
security.netapp.com/advisory/ntap-20231130-0004/
www.debian.org/security/2023/dsa-5534