CVE-2023-5380 — MEDIUM (4.7)

Q: How severe is CVE-2023-5380?

CVE-2023-5380 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5380?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org X Server, X.Org Xwayland, Redhat Enterprise Linux, Fedoraproject Fedora, Debian Debian Linux.

Vulnerability Description

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
X.Org	X Server	< 21.1.9
X.Org	Xwayland	< 23.2.2
Redhat	Enterprise Linux	7.0
Fedoraproject	Fedora	37
Debian	Debian Linux	11.0

Related Weaknesses (CWE)

CWE-416

References

https://access.redhat.com/errata/RHSA-2023:7428Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2298
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:3067
https://access.redhat.com/security/cve/CVE-2023-5380Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2244736Issue Tracking
https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlPatchVendor Advisory
https://access.redhat.com/errata/RHSA-2023:7428Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2298
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:3067
https://access.redhat.com/security/cve/CVE-2023-5380Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2244736Issue Tracking

FAQ

What is CVE-2023-5380?

CVE-2023-5380 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaph...

How severe is CVE-2023-5380?

CVE-2023-5380 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5380?

Check the references section above for vendor advisories and patch information. Affected products include: X.Org X Server, X.Org Xwayland, Redhat Enterprise Linux, Fedoraproject Fedora, Debian Debian Linux.