Corrective Issues Identified in X.org Server and DDX Component
The X.org Server 21.1.9 and xwayland 22.2.2 have been found to contain corrective issues. These updates are crucial for the implementation of X11 applications on Wayland. The vulnerabilities present in the previous versions of these components may allow privilege escalation and remote execution of code through X11 sessions with Root rights or SSH access.
The following problems have been identified:
- CVE-2023-5367 – A buffer overflow vulnerability in the XICHANGEDEVICEPROPROPERTY and RRCHANGEOUTPUTPROPROPERTY functions can be exploited by attaching additional elements to the input device or RANDR property. This vulnerability has been present since the release of Xorg-Server 1.4.0 (2007) and is caused by miscalculating displacement when attaching additional elements to existing properties. The incorrect displacement leads to writing to memory areas outside the intended buffer.
- CVE-2023-5380 – This vulnerability, known as USE-After-Free, was discovered in the Destroywindow function. It can be exploited by moving the pointer between screens in multi-monitor configurations using Zaphod mode. The vulnerability affects Xorg-Server 1.7.0 (2009) and occurs due to the active pointer to a past window in the structure responsible for screen attachment. Notably, Xwayland is not vulnerable to this issue.
- CVE-2023-5574 – A USE-AFTER-FREE vulnerability has been identified in the DamageDestroy function of the server xvfb. This vulnerability occurs when cleaning the ScreenRe structure during server completion or client disconnection. Similar to the previous vulnerability, this is specific to multi-monitor configurations in Zaphod mode. The vulnerability has been present since Xorg-Server-1.13.0 (2012) and remains unaddressed except for a patch.
/Reports, release notes, official announcements.