QwikSec

Security Database

CVE

CWE

Training

CVE-2023-0494

Published: Mar 27, 2023

Modified: Feb 24, 2025

PUBLISHED

Description

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

Vendor	Product	Versions
n/a	xorg-x11-server	affected `xorg-server 21.1.7`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2165995

https://lists.x.org/archives/xorg-announce/2023-February/003320.html

https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.