CVE-2023-1393: Use After Free
First published: Thu Mar 30 2023(Updated: )
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X.org Xorg-server | <21.1.8 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNQYHUI63DB5FHK6EOI3Z4C6YQZGZKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3EVO3OQV6T4BSABWZ2TU3PY5TJTEQZ2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEHSYYFGBN3G4RS2HJXKQ5NBMOAZ5F2F/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NOYATGGPMT3COC7ELAJW5TG2PVS3AFR2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PSAAGI5V77FQXIT5PP4URP6BYQVCK5U5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHJMSMK7G4GPLMKIGKXIOL2RTKU5VFWE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SW2NRC3V53PIBXFPFBVWCOM2MDDILWQS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWFUDSBSABRHQOX6TIQ5O3SNPFTPFQQP/
- https://security.gentoo.org/glsa/202305-30
- https://www.openwall.com/lists/oss-security/2023/03/29/1
Frequently Asked Questions
What is the severity of CVE-2023-1393?
The severity of CVE-2023-1393 is high.
How does CVE-2023-1393 lead to local privilege escalation?
CVE-2023-1393 leads to local privilege escalation through a Use-After-Free vulnerability in X.Org Server Overlay Window.
Which software versions are affected by CVE-2023-1393?
CVE-2023-1393 affects X.Org Server versions up to and excluding 21.1.8, Fedora 36, Fedora 37, and Fedora 38.
How can I fix CVE-2023-1393?
To fix CVE-2023-1393, users should update to the patched version of X.Org Server and apply any available security patches or updates provided by their operating system.
What is the Common Weakness Enumeration (CWE) of CVE-2023-1393?
The CWE of CVE-2023-1393 is CWE-416: Use After Free.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/description
- agent/event
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/x.org
- canonical/x.org xorg-server
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38