Vulnerability CVE-2023-5380: Information

Description

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Published: Oct. 25, 2023
Modified: Jan. 31, 2024
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
xorg-serverp101.20.14-alt91.20.14-alt11ALT-PU-2023-6607-2332673Fixed
xorg-serverp10_e2k1.20.14-alt9.E2K.11.20.14-alt9.E2K.1ALT-PU-2023-7726-1-Fixed
xorg-serverp91.20.8-alt101.20.8-alt12ALT-PU-2023-7278-2334512Fixed
xorg-serverc10f11.20.14-alt91.20.14-alt9ALT-PU-2023-6974-2333359Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*
      End excliding
      23.2.2

      cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*
      End excliding
      21.1.9

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*