CVE-2023-5367: Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty
First published: Tue Oct 10 2023(Updated: )
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/xorg-server | <=2:1.20.4-1+deb10u4<=2:1.20.11-1+deb11u6 | 2:1.20.4-1+deb10u12 2:1.20.11-1+deb11u10 2:21.1.7-3+deb12u2 2:21.1.7-3+deb12u4 2:21.1.10-1 |
| debian/xwayland | <=2:22.1.9-1 | 2:23.2.3-1 |
| ubuntu/xorg-server | <2:1.15.1-0ubuntu2.11+ | 2:1.15.1-0ubuntu2.11+ |
| ubuntu/xorg-server | <2:1.18.4-0ubuntu0.12+ | 2:1.18.4-0ubuntu0.12+ |
| ubuntu/xorg-server | <2:1.19.6-1ubuntu4.15+ | 2:1.19.6-1ubuntu4.15+ |
| ubuntu/xorg-server | <21.1.9 | 21.1.9 |
| ubuntu/xorg-server | <2:1.20.13-1ubuntu1~20.04.9 | 2:1.20.13-1ubuntu1~20.04.9 |
| ubuntu/xorg-server | <2:21.1.4-2ubuntu1.7~22.04.2 | 2:21.1.4-2ubuntu1.7~22.04.2 |
| ubuntu/xorg-server | <2:21.1.7-1ubuntu3.1 | 2:21.1.7-1ubuntu3.1 |
| ubuntu/xorg-server | <2:21.1.7-3ubuntu2.1 | 2:21.1.7-3ubuntu2.1 |
| ubuntu/xwayland | <23.2.2 | 23.2.2 |
| ubuntu/xwayland | <2:22.1.1-1ubuntu0.7 | 2:22.1.1-1ubuntu0.7 |
| ubuntu/xwayland | <2:22.1.8-1ubuntu1.1 | 2:22.1.8-1ubuntu1.1 |
| ubuntu/xwayland | <2:23.2.0-1ubuntu0.1 | 2:23.2.0-1ubuntu0.1 |
| X.Org X Server | <21.1.9 | |
| X.org Xwayland | <23.2.2 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Fedoraproject Fedora | =38 | |
| Debian Debian Linux | =11.0 | |
| Debian Debian Linux | =12.0 | |
| redhat/xorg-server | <21.1.9 | 21.1.9 |
| redhat/xwayland | <23.2.2 | 23.2.2 |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux For Ibm Z Systems | =7.0_s390x | |
| Redhat Enterprise Linux For Power Big Endian | =7.0_ppc64 | |
| Redhat Enterprise Linux For Power Little Endian | =7.0_ppc64le | |
| Redhat Enterprise Linux For Scientific Computing | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =39 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2243091
- https://access.redhat.com/security/cve/CVE-2023-5367
- https://lists.x.org/archives/xorg-announce/2023-October/003430.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
- https://www.debian.org/security/2023/dsa-5534
- https://access.redhat.com/errata/RHSA-2023:6802
- https://access.redhat.com/errata/RHSA-2023:6808
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/
- https://access.redhat.com/errata/RHSA-2023:7373
- https://access.redhat.com/errata/RHSA-2023:7388
- https://access.redhat.com/errata/RHSA-2023:7405
- https://access.redhat.com/errata/RHSA-2023:7428
- https://access.redhat.com/errata/RHSA-2023:7436
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
- https://access.redhat.com/errata/RHSA-2023:7526
- https://access.redhat.com/errata/RHSA-2023:7533
- https://access.redhat.com/errata/RHSA-2024:0010
- https://security.netapp.com/advisory/ntap-20231130-0004/
- https://launchpad.net/bugs/cve/CVE-2023-5367
- https://access.redhat.com/errata/RHSA-2024:0128
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a
- https://security-tracker.debian.org/tracker/CVE-2023-5367
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5367
- https://ubuntu.com/security/notices/USN-6453-1
- https://ubuntu.com/security/notices/USN-6453-2
- https://nvd.nist.gov/vuln/detail/CVE-2023-5367
- https://ubuntu.com/security/CVE-2023-5367
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2246136
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2246137
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2247468
- https://security.gentoo.org/glsa/202401-30
Frequently Asked Questions
What is the severity of CVE-2023-5367?
The severity of CVE-2023-5367 is high (7.8).
How does CVE-2023-5367 affect xorg-x11-server?
CVE-2023-5367 affects xorg-x11-server versions 2:1.15.1-0ubuntu2.11+ or later.
How does CVE-2023-5367 affect xwayland?
CVE-2023-5367 affects xwayland versions 2:23.2.2 or earlier.
What is the remedy for CVE-2023-5367 on Ubuntu?
The remedy for CVE-2023-5367 on Ubuntu is to update xorg-server to version 2:1.15.1-0ubuntu2.11+ or later.
What is the remedy for CVE-2023-5367 on Debian?
The remedy for CVE-2023-5367 on Debian is to update xorg-server to version 2:1.20.4-1+deb10u10, 2:1.20.11-1+deb11u8, or 2:21.1.7-3+deb12u2.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/remedy
- agent/title
- agent/severity
- agent/softwarecombine
- agent/description
- agent/weakness
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- source/NVD
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-5367
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/tags
- agent/last-modified-date
- collector/nvd-api
- package-manager/debian
- package-manager/ubuntu
- vendor/x.org
- canonical/x.org x server
- canonical/x.org xwayland
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/11.0
- version/debian debian linux/12.0
- package-manager/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux for ibm z systems
- version/redhat enterprise linux for ibm z systems/7.0_s390x
- canonical/redhat enterprise linux for power big endian
- version/redhat enterprise linux for power big endian/7.0_ppc64
- canonical/redhat enterprise linux for power little endian
- version/redhat enterprise linux for power little endian/7.0_ppc64le
- canonical/redhat enterprise linux for scientific computing
- version/redhat enterprise linux for scientific computing/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- version/fedoraproject fedora/37
- version/fedoraproject fedora/39