Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2023-5380

Disclosure Date: October 25, 2023 •

CVE-2023-5380 CVSS v3 Base Score: 4.7

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

4.7 Medium

Impact Score:

3.6

Exploitability Score:

1

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

High

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

debian,
fedoraproject,
redhat,
x.org

Products

debian linux 11.0,
debian linux 12.0,
enterprise linux 7.0,
enterprise linux 8.0,
enterprise linux 9.0,
fedora 37,
fedora 38,
fedora 39,
x server,
xwayland

References

Canonical

CVE-2023-5380 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5380)

Miscellaneous

https://access.redhat.com/security/cve/CVE-2023-5380

https://bugzilla.redhat.com/show_bug.cgi?id=2244736

https://lists.x.org/archives/xorg-announce/2023-October/003430.html

https://www.debian.org/security/2023/dsa-5534

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/

https://access.redhat.com/errata/RHSA-2023:7428

https://security.netapp.com/advisory/ntap-20231130-0004/

https://security.gentoo.org/glsa/202401-30

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2298

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:3067

Rapid7

Technical Analysis