CVE-2023-5574

Summary

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 90:1.13.1-8.el9 < *unaffected

Weaknesses

  • CWE-416: Use After Free

Workarounds

Starting Xvfb with the -noreset command line option limits the use-after-free from being triggered only at the Xvfb server shutdown. Also, do not start Xvfb as root.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References