X.Org Server Hit By New Local Privilege Escalation Vulnerability

Written by Michael Larabel in X.Org on 7 February 2023 at 12:00 AM EST. 190 Comments
X.ORG
The X.Org Server keeps on giving when it comes to security vulnerabilities with its massive, aging, and ill-maintained code-base. Disclosed on Monday night was CVE-2023-0494 as the latest security advisory and another discovery by the Trend Micro Zero Day Initiative.

CVE-2023-0494 entails local privilege elevation on systems where the X.Org Server is privileged and remote code execution is supported for SSH X forwarding sessions. Thankfully for many modern X.Org Server environments these days, the X.Org Server is no longer run as root / elevated privileges but for older systems and in other select configurations unfortunately remains running in such a vulnerable configuration.

The CVE-2023-0494 vulnerability involves a use-after-free condition within DeepCopyPointerClasses for allowing reading and writing to freed memory via ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo().


More details on the latest X.Org security advisory via the xorg mailing list. The X Input security fix is available via this tiny patch. As a result of today's security disclosure, X.Org Server 21.1.7 has been released with this fix. There is also a handful of other fixes in X.Org Server 21.1.7: namely just two DIX fixes and then a handful of Apple macOS XQuartz patches.

It's been ten years already since a security researcher commented that the X.Org Server codebase security is "worse than it looks" and it continues to be the source of new security vulnerabilities for this still commonly used component to the Linux desktop.
190 Comments
Related News
xcompmgr 1.1.10 Released For Classic "Eye Candy" Compositor On X.Org
Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years
It's Taken Until 2024 To Add FreeBSD To X.Org Continuous Integration Testing
libX11 1.8.10 Brings Memory Safety Fixes
X.Org Testing Ground Expands Its Scope To Illumos/OpenIndiana
X.Org Server Patches Look To Cleanup VRR Handling, Make It Xinerama-Aware
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries