Nixpkgs security tracker
Untriaged
Permalink
CVE-2023-5574
7.0 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Xorg-x11-server: use-after-free bug in damagedestroy
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
References
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
-
-
-
-
-
-
-
https://security.netapp.com/advisory/ntap-20231130-0004/ x_transferred
Affected products
tigervnc
- *
xorg-server
- ==21.1.9
xorg-x11-server
xorg-x11-server-Xwayland