Trend Micro Uncovers Yet Another X.Org Server Vulnerability: CVE-2023-1393
1 min read
Mar 31, 2023
For over a decade now the X.Org Server has been seeing routine security disclosures in its massive codebase with some security researchers saying it's even worse than it looks and security researchers frequently finding multiple vulnerabilities at a time in the large and aging code-base that these days rarely sees new feature work. Now another disclosure has made by security researchers.
CVE-2023-1393 is a use-after-free vulnerability where it could lead to local privilege escalation if the xorg-server is still running as root and remote code execution for SSH X forwarding sessions.
If a client explicitly destroys the compositor overlay window, the X.Org Server leaves a dangling pointer to that window and will trigger a use-after-free later on.
The disclosure was made a few minutes ago on the mailing list.
The link for this article located at Phoronix is no longer available.
Related Articles
1 - 0 min read
Hacked VMs Reveal New Attack Risks
1 - 0 min read
Millions Of GitHub Repositories Infected With Malicious Code
1 - 0 min read
New GhostRace Attack Impacts Major CPU, Software Vendors
