Vulnerability Description
Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server unexpectedly sends a DRI2_BufferSwapComplete event while the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mesa3D | Mesa | 23.0.4 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2024/Jan/28 (Mailing List, Third Party Advisory)
- https://gitlab.freedesktop.org/mesa/mesa/-/issues/9856 (Broken Link)
- https://seclists.org/fulldisclosure/2024/Jan/71 (Mailing List, Third Party Advisory)
- http://packetstormsecurity.com/files/176800/Mesa-23.0.4-Null-Pointer.html
FAQ
What is CVE-2023-45913?
CVE-2023-45913 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends a DRI2_BufferSwapComp...
How severe is CVE-2023-45913?
CVE-2023-45913 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-45913?
Check the references section above for vendor advisories and patch information. Affected products include: Mesa3D Mesa.