[prev in list] [next in list] [prev in thread] [next in thread]
List: freedesktop-xorg
Subject: X.Org Security Advisory: CVE-2023-1393: X.Org Server Overlay Window Use-After-Free
From: Olivier Fourdan <ofourdan () redhat ! com>
Date: 2023-03-29 12:15:05
Message-ID: c9e91f68-1e32-5f46-b394-8f6545e5cf9b () redhat ! com
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
[Attachment #4 (multipart/mixed)]
[Attachment #6 (text/plain)]
X.Org Security Advisory: March 29, 2023
X.Org Server Overlay Window Use-After-Free
==========================================
This issue can lead to local privileges elevation on systems where the X
server is running privileged and remote code execution for ssh X forwarding
sessions.
ZDI-CAN-19866/CVE-2023-1393: X.Org Server Overlay Window Use-After-Free
Local Privilege Escalation Vulnerability
If a client explicitly destroys the compositor overlay window (aka COW),
the Xserver would leave a dangling pointer to that window in the CompScreen
structure, which will trigger a use-after-free later.
Patches
-------
Patch for this issue have been committed to the xorg server git repository.
xorg-server 21.1.8 will be released shortly and will include this patch.
- commit 26ef545b3 - composite: Fix use-after-free of the COW
(https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3)
ZDI-CAN-19866/CVE-2023-1393
If a client explicitly destroys the compositor overlay window (aka COW),
we would leave a dangling pointer to that window in the CompScreen
structure, which will trigger a use-after-free later.
Make sure to clear the CompScreen pointer to the COW when the latter gets
destroyed explicitly by the client.
Thanks
======
The vulnerabilities have been discovered by Jan-Niklas Sohn working with
Trend Micro Zero Day Initiative.
["OpenPGP_0x14706DBE1E4B4540.asc" (application/pgp-keys)]
["OpenPGP_signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic