Home > Vulnerability Database > CVE-2023-1393

Mend.io Vulnerability Database

CVE-2023-1393

Date: March 30, 2023

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Language: C

Severity Score

7.8

Related Resources (17)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEHSYYFGBN3G4RS2HJXKQ5NBMOAZ5F2F/

Url: https://security-tracker.debian.org/tracker/CVE-2023-1393

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWFUDSBSABRHQOX6TIQ5O3SNPFTPFQQP/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SW2NRC3V53PIBXFPFBVWCOM2MDDILWQS/

Url: https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110

Url: https://seclists.org/oss-sec/2023/q1/206

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHJMSMK7G4GPLMKIGKXIOL2RTKU5VFWE/

Url: https://access.redhat.com/security/cve/CVE-2023-1393

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NOYATGGPMT3COC7ELAJW5TG2PVS3AFR2/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNQYHUI63DB5FHK6EOI3Z4C6YQZGZKI/

Url: https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3EVO3OQV6T4BSABWZ2TU3PY5TJTEQZ2/

Url: https://security.gentoo.org/glsa/202305-30

Url: https://www.openwall.com/lists/oss-security/2023/03/29/1

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-1393

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PSAAGI5V77FQXIT5PP4URP6BYQVCK5U5/

Url: https://www.mend.io/vulnerability-database/CVE-2023-1393

Severity Score

7.8

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-1393

Date: March 30, 2023

Language: C

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?