Use After Free Affecting xorg-x11-server-devel package, versions <0:1.20.4-23.el7_9


Severity

Recommended
0.0
high
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Use After Free vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CENTOS7-XORGX11SERVERDEVEL-5328693
  • published30 Mar 2023
  • disclosed29 Mar 2023

Introduced: 29 Mar 2023

CVE-2023-1393  (opens in a new tab)
CWE-416  (opens in a new tab)

How to fix?

Upgrade Centos:7 xorg-x11-server-devel to version 0:1.20.4-23.el7_9 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream xorg-x11-server-devel package and not the xorg-x11-server-devel package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

References

CVSS Scores

version 3.1