CVE-2023-5380

MEDIUM

x.org X Server - Use-After-Free in Multi-Screen Zaphod Mode


Description

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

References (18)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7428
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2169
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2298
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2995
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:3067
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-5380
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2244736

Scores

CVSS v3 4.7
EPSS 0.0008
EPSS Percentile 22.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-416
Status published
Products (10)
debian/debian_linux 11.0
debian/debian_linux 12.0
fedoraproject/fedora 37
fedoraproject/fedora 38
fedoraproject/fedora 39
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
redhat/enterprise_linux 9.0
x.org/x_server < 21.1.9
x.org/xwayland < 23.2.2
Published Oct 25, 2023
Tracked Since Feb 18, 2026