Fluid Attacks Database

Description

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	xorg-server	>=0 <2:21.1.7-1	2:21.1.7-1
debian 13	xwayland	>=0 <2:22.1.8-1	2:22.1.8-1
debian 11	xorg-server	=2:1.20.11-1 \|\| =2:1.20.11-1+deb11u1 \|\| =2:1.20.11-1+deb11u2 \|\| =2:1.20.11-1+deb11u3 \|\| =2:1.20.11-1+deb11u4 \|\| >=0 <2:1.20.11-1+deb11u5	2:1.20.11-1+deb11u5
debian 13	xorg-server	>=0 <2:21.1.7-1	2:21.1.7-1
debian 14	xorg-server	>=0 <2:21.1.7-1	2:21.1.7-1
debian 12	xwayland	>=0 <2:22.1.8-1	2:22.1.8-1
debian 14	xwayland	>=0 <2:22.1.8-1	2:22.1.8-1
rpm rhel8.4	tigervnc	<0:1.11.0-8.el8_4.1	0:1.11.0-8.el8_4.1
rpm rhel7	xorg-x11-server	<0:1.20.4-22.el7_9	0:1.20.4-22.el7_9
rpm rhel8	xorg-x11-server-Xwayland	<0:21.1.3-10.el8	0:21.1.3-10.el8

1-10 of 19

Aliases

1. CVE-2023-04942. NVD-2023-04943. OSV-DEBIAN-2023-04944. OSV-2023-04945. SECURITY-TRACKER-CVE-2023-0494

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.