Published: 25/10/2023 Updated: 30/04/2024

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 0

This vulnerability allows local malicious users to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Damage objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x.org x server
redhat enterprise linux 7.0

Debian Bug report logs - #1055426 xorg-server: CVE-2023-5574 Package: src:xorg-server; Maintainer for src:xorg-server is Debian X Strike Force <debian-x@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 5 Nov 2023 20:15:01 UTC Severity: important Tags: security, upstream Found in v ...

A use-after-free flaw was found in xorg-x11-server-Xvfb This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server ...

CWE-416 https://bugzilla.redhat.com/show_bug.cgi?id=2244735 https://access.redhat.com/security/cve/CVE-2023-5574 https://lists.x.org/archives/xorg-announce/2023-October/003430.html https://security.netapp.com/advisory/ntap-20231130-0004/https://access.redhat.com/errata/RHSA-2024:2298 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055426 https://nvd.nist.gov https://www.zerodayinitiative.com/advisories/ZDI-23-1807/

CVE-2023-5574

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect