Discover Security Vulnerabilities News
Trend Micro Uncovers Yet Another X.Org Server Vulnerability: CVE-2023-1393
For over a decade now the X.Org Server has been seeing routine security disclosures in its massive codebase with some security researchers saying it's even worse than it looks and security researchers frequently finding multiple vulnerabilities at a time in the large and aging code-base that these days rarely sees new feature work. Now another disclosure has made by security researchers.
CVE-2023-1393 is a use-after-free vulnerability where it could lead to local privilege escalation if the xorg-server is still running as root and remote code execution for SSH X forwarding sessions.
If a client explicitly destroys the compositor overlay window, the X.Org Server leaves a dangling pointer to that window and will trigger a use-after-free later on.
The disclosure was made a few minutes ago on the mailing list.