fkie_nvd - fkie_cve-2023-0494

fkie_cve-2023-0494

Vulnerability from fkie_nvd

Published

2023-03-27 21:15

Modified

2024-11-21 07:37

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2165995	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec	Patch
secalert@redhat.com	https://lists.x.org/archives/xorg-announce/2023-February/003320.html	Mailing List, Vendor Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/202305-30
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2165995	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec	Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.x.org/archives/xorg-announce/2023-February/003320.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-30

Impacted products

Vendor	Product	Version
x.org	x_server	*
fedoraproject	fedora	36
fedoraproject	fedora	37
redhat	enterprise_linux	8.0
redhat	enterprise_linux	8.1
redhat	enterprise_linux	9.0
redhat	enterprise_linux_aus	8.4
redhat	enterprise_linux_aus	8.6
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	8.4
redhat	enterprise_linux_eus	8.6
redhat	enterprise_linux_eus	9.0
redhat	enterprise_linux_for_ibm_z_systems	7.0
redhat	enterprise_linux_for_ibm_z_systems	8.0
redhat	enterprise_linux_for_ibm_z_systems_eus	8.4
redhat	enterprise_linux_for_ibm_z_systems_eus	8.6
redhat	enterprise_linux_for_power_big_endian	7.0
redhat	enterprise_linux_for_power_little_endian	7.0
redhat	enterprise_linux_for_power_little_endian	8.0
redhat	enterprise_linux_for_power_little_endian	9.0
redhat	enterprise_linux_for_power_little_endian_eus	8.4
redhat	enterprise_linux_for_power_little_endian_eus	8.6
redhat	enterprise_linux_for_scientific_computing	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	8.2
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.1
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.2
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.4
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0
redhat	enterprise_linux_server_tus	8.2
redhat	enterprise_linux_server_tus	8.4
redhat	enterprise_linux_server_tus	8.6
redhat	enterprise_linux_server_update_services_for_sap_solutions	8.2
redhat	enterprise_linux_server_workstation	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B7D5030-1EC6-4BAD-B66D-859A906E3D38",
              "versionEndExcluding": "21.1.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF30E57A-97EA-4A44-8404-6AE4F058B44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D5F4FA7-E5C5-4C23-BDA8-36A36972E4F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CA4F12A-5BC5-4D75-8F20-80D8BB2C5BF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF5C4AC-CA69-41E3-AD93-7AC21931374A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35EEDB95-DCD1-4FED-9BBB-877B2062410C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C515E-1DD3-466D-A50B-AFE058FFC94A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22D095ED-9247-4133-A133-73B7668565E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "492DF629-16B8-4882-822D-A6897B03DD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3921C1CF-A16D-4727-99AD-03EFFA7C91CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7808D1-B267-4361-8187-5AB70B64179A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
    }
  ],
  "id": "CVE-2023-0494",
  "lastModified": "2024-11-21T07:37:17.293",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-27T21:15:10.193",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165995"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.x.org/archives/xorg-announce/2023-February/003320.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/202305-30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.x.org/archives/xorg-announce/2023-February/003320.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-30"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2023-0494

Vulnerability from cvelistv5

Published

2023-03-27 00:00

Modified

2024-08-02 05:10