X.Org Server Hit By New Local Privilege Escalation Vulnerability
1 min read
Feb 22, 2023
The X.Org Server, a commonly used component to the Linux desktop, keeps on giving when it comes to security vulnerabilities with its massive, aging, and ill-maintained code-base. Disclosed on Monday night was CVE-2023-0494 as the latest security advisory and another discovery by the Trend Micro Zero Day Initiative.
CVE-2023-0494 entails local privilege elevation on systems where the X.Org Server is privileged and remote code execution is supported for SSH X forwarding sessions. Thankfully for many modern X.Org Server environments these days, the X.Org Server is no longer run as root / elevated privileges but for older systems and in other select configurations unfortunately remains running in such a vulnerable configuration.
The CVE-2023-0494 vulnerability involves a use-after-free condition within DeepCopyPointerClasses for allowing reading and writing to freed memory via ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo().
The link for this article located at Phoronix is no longer available.
Related Articles
1 - 0 min read
SPDX 3.0 Revolutionizes Software Management & Security
1 - 0 min read
Open Source is Not Insecure, Despite Common Misconceptions
1 - 0 min read
Do I Need Antivirus as a Linux User?
