FreeBSD: VID-6CC63BF5-A727-4155-8EC4-68B626475E68 (CVE-2023-0494): xorg-server -- Security issue in the X server

FreeBSD: VID-6CC63BF5-A727-4155-8EC4-68B626475E68 (CVE-2023-0494): xorg-server -- Security issue in the X server

Severity

7

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

02/07/2023

Created

02/11/2023

Added

02/09/2023

Modified

01/28/2025

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-6CC63BF5-A727-4155-8EC4-68B626475E68:

The X.org project reports:

CVE-2023-0494/ZDI-CAN-19596: X.Org Server DeepCopyPointerClasses

use-after-free

A dangling pointer in DeepCopyPointerClasses can be exploited by

ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read/write into

freed memory.

Solution(s)

• freebsd-upgrade-package-xephyr
• freebsd-upgrade-package-xorg-nestserver
• freebsd-upgrade-package-xorg-server
• freebsd-upgrade-package-xorg-vfbserver
• freebsd-upgrade-package-xwayland
• freebsd-upgrade-package-xwayland-devel

References

• CVE-2023-0494
• SUSE-SU-2023:0282-1