CVE-2023-45922 — MEDIUM (4.3)

Vulnerability Description

glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Mesa3D	Mesa	23.0.4

Related Weaknesses (CWE)

CWE-754

References

http://seclists.org/fulldisclosure/2024/Jan/50Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/71Mailing ListThird Party Advisory
https://gitlab.freedesktop.org/mesa/mesa/-/issues/9857Issue Tracking
http://packetstormsecurity.com/files/176805/Mesa-23.0.4-Buffer-Overflow-Null-Poi
http://seclists.org/fulldisclosure/2024/Jan/50Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2024/Jan/71Mailing ListThird Party Advisory
https://gitlab.freedesktop.org/mesa/mesa/-/issues/9857Issue Tracking

FAQ

What is CVE-2023-45922?

CVE-2023-45922 is a vulnerability with a CVSS score of 4.3 (MEDIUM). glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users r...

How severe is CVE-2023-45922?

CVE-2023-45922 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-45922?

Check the references section above for vendor advisories and patch information. Affected products include: Mesa3D Mesa.