Vulnerability CVE-2023-5367: Information

Description

An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: Oct. 25, 2023
Modified: Feb. 16, 2024
Error type identifier: CWE-787

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| xorg-server | p10 | 1.20.14-alt9 | 1.20.14-alt11 | ALT-PU-2023-6607-2 | 332673 | Fixed |
| xorg-server | p10_e2k | 1.20.14-alt9.E2K.1 | 1.20.14-alt9.E2K.1 | ALT-PU-2023-7726-1 | - | Fixed |
| xorg-server | p9 | 1.20.8-alt10 | 1.20.8-alt12 | ALT-PU-2023-7278-2 | 334512 | Fixed |
| xorg-server | c10f1 | 1.20.14-alt9 | 1.20.14-alt9 | ALT-PU-2023-6974-2 | 333359 | Fixed |
| xorg-server | c9f2 | 1.20.8-alt12 | 1.20.8-alt9 | ALT-PU-2024-3261-1 | 341756 | Testing |
| xorg-xwayland | p10 | 23.1.1-alt2 | 23.1.1-alt4 | ALT-PU-2023-6608-2 | 332673 | Fixed |
| xorg-xwayland | c10f1 | 23.1.1-alt2 | 23.1.1-alt2 | ALT-PU-2023-6973-2 | 333359 | Fixed |

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2243091
  • Issue Tracking
  • Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5367
  • Third Party Advisory
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
  • Patch
  • Vendor Advisory
https://www.debian.org/security/2023/dsa-5534
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
  • Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/
  • Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
  • Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/
  • Mailing List
RHSA-2023:6802
  • Third Party Advisory
RHSA-2023:6808
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
  • Mailing List
  • Third Party Advisory
RHSA-2023:7373
  • Third Party Advisory
RHSA-2023:7388
  • Third Party Advisory
RHSA-2023:7405
  • Third Party Advisory
RHSA-2023:7428
  • Third Party Advisory
RHSA-2023:7436
  • Third Party Advisory
RHSA-2023:7526
  • Third Party Advisory
RHSA-2023:7533
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20231130-0004/
  • Third Party Advisory
RHSA-2024:0010
  • Third Party Advisory
RHSA-2024:0128
  • Third Party Advisory
https://security.gentoo.org/glsa/202401-30
  • Third Party Advisory
      Configuration 1

      cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
      End excluding
      23.2.2

      cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
      End excluding
      21.1.9

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*