Amazon Linux AMI 2: CVE-2023-5574: Security patch for xorg-x11-server (ALAS-2023-2352)

Amazon Linux AMI 2: CVE-2023-5574: Security patch for xorg-x11-server (ALAS-2023-2352)

Severity

7

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

10/25/2023

Created

12/06/2023

Added

12/05/2023

Modified

01/28/2025

Description

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.

Solution(s)

• amazon-linux-ami-2-upgrade-xorg-x11-server-common
• amazon-linux-ami-2-upgrade-xorg-x11-server-debuginfo
• amazon-linux-ami-2-upgrade-xorg-x11-server-devel
• amazon-linux-ami-2-upgrade-xorg-x11-server-source
• amazon-linux-ami-2-upgrade-xorg-x11-server-xdmx
• amazon-linux-ami-2-upgrade-xorg-x11-server-xephyr
• amazon-linux-ami-2-upgrade-xorg-x11-server-xnest
• amazon-linux-ami-2-upgrade-xorg-x11-server-xorg
• amazon-linux-ami-2-upgrade-xorg-x11-server-xvfb
• amazon-linux-ami-2-upgrade-xorg-x11-server-xwayland

References

• https://attackerkb.com/topics/cve-2023-5574
• AL2/ALAS-2023-2352
• CVE - 2023-5574