CVE-2023-5380

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
x.orgx_server
𝑥
< 21.1.9
x.orgxwayland
𝑥
< 23.2.2
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
debiandebian_linux
11.0
debiandebian_linux
12.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xorg-server
bookworm
2:21.1.7-3+deb12u8
fixed
bookworm (security)
2:21.1.7-3+deb12u8
fixed
bullseye
2:1.20.11-1+deb11u13
fixed
bullseye (security)
2:1.20.11-1+deb11u14
fixed
sid
2:21.1.15-2
fixed
trixie
2:21.1.15-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xorg
bionic
not-affected
focal
not-affected
jammy
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
ignored
xenial
not-affected
xorg-hwe-16.04
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
not-affected
xorg-hwe-18.04
bionic
not-affected
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
dne
xorg-server
bionic
Fixed 2:1.19.6-1ubuntu4.15+esm1
released
focal
Fixed 2:1.20.13-1ubuntu1~20.04.9
released
jammy
Fixed 2:21.1.4-2ubuntu1.7~22.04.2
released
lunar
Fixed 2:21.1.7-1ubuntu3.1
released
mantic
Fixed 2:21.1.7-3ubuntu2.1
released
noble
Fixed 2:21.1.7-3ubuntu2.1
released
oracular
Fixed 2:21.1.7-3ubuntu2.1
released
trusty
Fixed 2:1.15.1-0ubuntu2.11+esm8
released
xenial
Fixed 2:1.18.4-0ubuntu0.12+esm6
released
xorg-server-hwe-16.04
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
needs-triage
xorg-server-hwe-18.04
bionic
needs-triage
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
dne
xorg-server-lts-utopic
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
dne
xorg-server-lts-vivid
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
dne
xorg-server-lts-wily
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
dne
xorg-server-lts-xenial
bionic
dne
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
dne
xwayland
bionic
dne
focal
dne
jammy
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
dne
xenial
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
xorg-x11-server
suse enterprise desktop 15 SP4
1.20.3-150400.38.29.1
fixed
suse enterprise desktop 15 SP5
21.1.4-150500.7.7.1
fixed
suse enterprise desktop 15 SP6
21.1.11-150600.3.2
fixed
suse enterprise desktop 15 SP7
21.1.15-150700.3.2
fixed
suse enterprise sap 15 SP2
1.20.3-150200.22.5.79.1
fixed
suse enterprise sap 15 SP3
1.20.3-150200.22.5.79.1
fixed
suse enterprise sap 15 SP4
1.20.3-150400.38.29.1
fixed
suse enterprise sap 15 SP5
21.1.4-150500.7.7.1
fixed
suse enterprise sap 15 SP6
21.1.11-150600.3.2
fixed
suse enterprise sap 15 SP7
21.1.15-150700.3.2
fixed
suse enterprise server 15 SP2
1.20.3-150200.22.5.79.1
fixed
suse enterprise server 15 SP3
1.20.3-150200.22.5.79.1
fixed
suse enterprise server 15 SP4
1.20.3-150400.38.29.1
fixed
suse enterprise server 15 SP5
21.1.4-150500.7.7.1
fixed
suse enterprise server 15 SP6
21.1.11-150600.3.2
fixed
suse enterprise server 15 SP7
21.1.15-150700.3.2
fixed
xorg-x11-server-Xvfb
suse enterprise desktop 15 SP5
21.1.4-150500.7.7.1
fixed
suse enterprise desktop 15 SP6
21.1.11-150600.3.2
fixed
suse enterprise desktop 15 SP7
21.1.15-150700.3.2
fixed
suse enterprise sap 15 SP5
21.1.4-150500.7.7.1
fixed
suse enterprise sap 15 SP6
21.1.11-150600.3.2
fixed
suse enterprise sap 15 SP7
21.1.15-150700.3.2
fixed
suse enterprise server 15 SP5
21.1.4-150500.7.7.1
fixed
suse enterprise server 15 SP6
21.1.11-150600.3.2
fixed
suse enterprise server 15 SP7
21.1.15-150700.3.2
fixed
xorg-x11-server-extra
suse enterprise desktop 15 SP4
1.20.3-150400.38.29.1
fixed
suse enterprise desktop 15 SP5
21.1.4-150500.7.7.1
fixed
suse enterprise desktop 15 SP6
21.1.11-150600.3.2
fixed
suse enterprise desktop 15 SP7
21.1.15-150700.3.2
fixed
suse enterprise sap 15 SP2
1.20.3-150200.22.5.79.1
fixed
suse enterprise sap 15 SP3
1.20.3-150200.22.5.79.1
fixed
suse enterprise sap 15 SP4
1.20.3-150400.38.29.1
fixed
suse enterprise sap 15 SP5
21.1.4-150500.7.7.1
fixed
suse enterprise sap 15 SP6
21.1.11-150600.3.2
fixed
suse enterprise sap 15 SP7
21.1.15-150700.3.2
fixed
suse enterprise server 15 SP2
1.20.3-150200.22.5.79.1
fixed
suse enterprise server 15 SP3
1.20.3-150200.22.5.79.1
fixed
suse enterprise server 15 SP4
1.20.3-150400.38.29.1
fixed
suse enterprise server 15 SP5
21.1.4-150500.7.7.1
fixed
suse enterprise server 15 SP6
21.1.11-150600.3.2
fixed
suse enterprise server 15 SP7
21.1.15-150700.3.2
fixed
xorg-x11-server-sdk
suse enterprise sap 15 SP2
1.20.3-150200.22.5.79.1
fixed
suse enterprise sap 15 SP3
1.20.3-150200.22.5.79.1
fixed
suse enterprise server 15 SP2
1.20.3-150200.22.5.79.1
fixed
suse enterprise server 15 SP3
1.20.3-150200.22.5.79.1
fixed
suse enterprise server 15 SP4
1.20.3-150400.38.29.1
fixed
xorg-x11-server-wayland
suse enterprise desktop 15 SP4
1.20.3-150200.22.5.79.1
fixed
suse enterprise desktop 15 SP5
1.20.3-150200.22.5.79.1
fixed
suse enterprise sap 15 SP4
1.20.3-150200.22.5.79.1
fixed
suse enterprise sap 15 SP5
1.20.3-150200.22.5.79.1
fixed
suse enterprise server 15 SP4
1.20.3-150200.22.5.79.1
fixed
suse enterprise server 15 SP5
1.20.3-150200.22.5.79.1
fixed
suse enterprise workstation 15 SP4
1.20.3-150200.22.5.79.1
fixed
suse enterprise workstation 15 SP5
1.20.3-150200.22.5.79.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
tigervnc
RHEL 7
0:1.8.0-26.el7_9
fixed
RHEL 8
0:1.13.1-8.el8
fixed
RHEL 9
0:1.13.1-8.el9
fixed
tigervnc-icons
RHEL 7
0:1.8.0-26.el7_9
fixed
RHEL 8
0:1.13.1-8.el8
fixed
RHEL 9
0:1.13.1-8.el9
fixed
tigervnc-license
RHEL 7
0:1.8.0-26.el7_9
fixed
RHEL 8
0:1.13.1-8.el8
fixed
RHEL 9
0:1.13.1-8.el9
fixed
tigervnc-selinux
RHEL 8
0:1.13.1-8.el8
fixed
RHEL 9
0:1.13.1-8.el9
fixed
tigervnc-server
RHEL 7
0:1.8.0-26.el7_9
fixed
RHEL 8
0:1.13.1-8.el8
fixed
RHEL 9
0:1.13.1-8.el9
fixed
tigervnc-server-applet
RHEL 7
0:1.8.0-26.el7_9
fixed
tigervnc-server-minimal
RHEL 7
0:1.8.0-26.el7_9
fixed
RHEL 8
0:1.13.1-8.el8
fixed
RHEL 9
0:1.13.1-8.el9
fixed
tigervnc-server-module
RHEL 7
0:1.8.0-26.el7_9
fixed
RHEL 8
0:1.13.1-8.el8
fixed
RHEL 9
0:1.13.1-8.el9
fixed
xorg-x11-server-Xdmx
RHEL 8
0:1.20.11-22.el8
fixed
RHEL 9
0:1.20.11-24.el9
fixed
xorg-x11-server-Xephyr
RHEL 8
0:1.20.11-22.el8
fixed
RHEL 9
0:1.20.11-24.el9
fixed
xorg-x11-server-Xnest
RHEL 8
0:1.20.11-22.el8
fixed
RHEL 9
0:1.20.11-24.el9
fixed
xorg-x11-server-Xorg
RHEL 8
0:1.20.11-22.el8
fixed
RHEL 9
0:1.20.11-24.el9
fixed
xorg-x11-server-Xvfb
RHEL 8
0:1.20.11-22.el8
fixed
RHEL 9
0:1.20.11-24.el9
fixed
xorg-x11-server-common
RHEL 8
0:1.20.11-22.el8
fixed
RHEL 9
0:1.20.11-24.el9
fixed
xorg-x11-server-devel
RHEL 8
0:1.20.11-22.el8
fixed
RHEL 9
0:1.20.11-24.el9
fixed
xorg-x11-server-source
RHEL 8
0:1.20.11-22.el8
fixed
RHEL 9
0:1.20.11-24.el9
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2023:7428
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2298
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:3067
https://access.redhat.com/security/cve/CVE-2023-5380
https://bugzilla.redhat.com/show_bug.cgi?id=2244736
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://access.redhat.com/errata/RHSA-2023:7428
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2298
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:3067
https://access.redhat.com/security/cve/CVE-2023-5380
https://bugzilla.redhat.com/show_bug.cgi?id=2244736
https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
https://security.gentoo.org/glsa/202401-30
https://security.netapp.com/advisory/ntap-20231130-0004/
https://www.debian.org/security/2023/dsa-5534