7.8
CVSSv3

CVE-2023-0494

Published: 27/03/2023 Updated: 21/11/2024

Vulnerability Summary

This vulnerability allows local malicious users to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DeepCopyPointerClasses function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

x.org x server

fedoraproject fedora 36

fedoraproject fedora 37

redhat enterprise linux 8.0

redhat enterprise linux 8.1

redhat enterprise linux 9.0

redhat enterprise linux aus 8.4

redhat enterprise linux aus 8.6

redhat enterprise linux desktop 7.0

redhat enterprise linux eus 8.4

redhat enterprise linux eus 8.6

redhat enterprise linux eus 9.0

redhat enterprise linux for ibm z systems 7.0

redhat enterprise linux for ibm z systems 8.0

redhat enterprise linux for ibm z systems eus 8.4

redhat enterprise linux for ibm z systems eus 8.6

redhat enterprise linux for power big endian 7.0

redhat enterprise linux for power little endian 7.0

redhat enterprise linux for power little endian 8.0

redhat enterprise linux for power little endian 9.0

redhat enterprise linux for power little endian eus 8.4

redhat enterprise linux for power little endian eus 8.6

redhat enterprise linux for scientific computing 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server aus 8.2

redhat enterprise linux server for power little endian update services for sap solutions 8.1

redhat enterprise linux server for power little endian update services for sap solutions 8.2

redhat enterprise linux server for power little endian update services for sap solutions 8.4

redhat enterprise linux server for power little endian update services for sap solutions 8.6

redhat enterprise linux server for power little endian update services for sap solutions 9.0

redhat enterprise linux server tus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux server tus 8.6

redhat enterprise linux server update services for sap solutions 8.2

redhat enterprise linux server workstation 7.0

Vendor Advisories

Debian Bug report logs - #1030777 xorg-server: CVE-2023-0494 Package: src:xorg-server; Maintainer for src:xorg-server is Debian X Strike Force <debian-x@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 Feb 2023 12:45:02 UTC Severity: grave Tags: security, upstream Found in versi ...
Jan-Niklas Sohn discovered that a user-after-free flaw in the X Input extension of the Xorg X server may result in privilege escalation if the X server is running under the root user For the stable distribution (bullseye), this problem has been fixed in version 2:12011-1+deb11u5 We recommend that you upgrade your xorg-server packages For the ...
A vulnerability was found in XOrg This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forward ...
A vulnerability was found in XOrg This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forward ...
概要 Important: tigervnc security update タイプ/重大度 Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems トピック An update for tigervnc is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Secu ...
Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 T ...
Synopsis Moderate: xorg-x11-server security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rate ...
Synopsis Moderate: xorg-x11-server-Xwayland security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9Red Hat Product Security ha ...
Synopsis Moderate: xorg-x11-server security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rate ...
Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has ra ...
Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having ...
概要 Important: tigervnc security update タイプ/重大度 Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems トピック An update for tigervnc is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update ...
Synopsis Important: tigervnc and xorg-x11-server security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7Red Hat Product S ...
概要 Important: tigervnc security update タイプ/重大度 Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems トピック An update for tigervnc is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Secu ...
Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Secur ...
A vulnerability was found in XOrg This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forward ...
A vulnerability was found in XOrg This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forward ...
Description<!---->A vulnerability was found in XOrg This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution ...