A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-3310-1 xorg-server security update
Debian DSA Debian DSA DSA-5342-1 xorg-server security update
EUVD EUVD EUVD-2023-12542 A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Ubuntu USN Ubuntu USN USN-5778-2 X.Org X Server vulnerabilities
Ubuntu USN Ubuntu USN USN-5846-1 X.Org X Server vulnerability
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 24 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-02-24T17:43:00.816Z

Reserved: 2023-01-25T00:00:00.000Z

Link: CVE-2023-0494

cve-icon Vulnrichment

Updated: 2024-08-02T05:10:56.201Z

cve-icon NVD

Status : Modified

Published: 2023-03-27T21:15:10.193

Modified: 2025-02-24T18:15:16.550

Link: CVE-2023-0494

cve-icon Redhat

Severity : Important

Publid Date: 2023-02-07T00:00:00Z

Links: CVE-2023-0494 - Bugzilla

cve-icon OpenCVE Enrichment

No data.