CVE-2023-5380 - Use After Free

Severity

47%

Complexity

10%

Confidentiality

60%

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

CVSS 3.1 Base Score 4.7. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Demo Examples

Use After Free

CWE-416

The following example demonstrates the weakness.


               
}
free(buf3R2);

Use After Free

CWE-416

The following code illustrates a use after free error:


               
}
free(ptr);
logError("operation aborted before commit", ptr);

When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.

Overview

Type

Red Hat Enterprise Linux

First reported 1 year ago

2023-10-25 20:15:00

Last updated 1 year ago

2023-11-30 22:15:00

Affected Software

Red Hat Enterprise Linux (RHEL) 7.0 (7)

7.0

Red Hat Enterprise Linux 8.0

8.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=2244736

https://lists.x.org/archives/xorg-announce/2023-October/003430.html

https://access.redhat.com/security/cve/CVE-2023-5380

https://www.debian.org/security/2023/dsa-5534

https://lists.fedoraproject.org/archives/list/[email protected]/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/

https://bugzilla.redhat.com/show_bug.cgi?id=2244736

Issue Tracking

https://lists.x.org/archives/xorg-announce/2023-October/003430.html

Patch, Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-5380

Third Party Advisory

https://www.debian.org/security/2023/dsa-5534

Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/

https://lists.fedoraproject.org/archives/list/[email protected]/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/

https://lists.fedoraproject.org/archives/list/[email protected]/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/

https://lists.fedoraproject.org/archives/list/[email protected]/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/

https://lists.fedoraproject.org/archives/list/[email protected]/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/

RHSA-2023:7428

https://security.netapp.com/advisory/ntap-20231130-0004/

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.