CVE-2023-5367

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2243091	Issue Tracking Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5367	Third Party Advisory
https://lists.x.org/archives/xorg-announce/2023-October/003430.html	Patch Vendor Advisory
https://www.debian.org/security/2023/dsa-5534	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/
https://access.redhat.com/errata/RHSA-2023:6802
https://access.redhat.com/errata/RHSA-2023:6808
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
https://access.redhat.com/errata/RHSA-2023:7373
https://access.redhat.com/errata/RHSA-2023:7388
https://access.redhat.com/errata/RHSA-2023:7405
https://access.redhat.com/errata/RHSA-2023:7428
https://access.redhat.com/errata/RHSA-2023:7436
https://access.redhat.com/errata/RHSA-2023:7526
https://access.redhat.com/errata/RHSA-2023:7533
https://security.netapp.com/advisory/ntap-20231130-0004/
https://access.redhat.com/errata/RHSA-2024:0010
https://access.redhat.com/errata/RHSA-2024:0128

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:x.org:xwayland::::::::
	cpe:2.3:a:x.org:x_server::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Information

Published : 2023-10-25 20:15

Updated : 2024-01-10 15:15

NVD link : CVE-2023-5367

Mitre link : CVE-2023-5367

JSON object : View

Products Affected

debian

debian_linux

fedoraproject

fedora

x.org

xwayland
x_server

redhat

enterprise_linux

CWE

CWE-787

Out-of-bounds Write

7.8 /10