Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
X.Org Server Hit By New Local Privilege Escalation Vulnerability
CVE-2023-0494 entails local privilege elevation on systems where the X.Org Server is privileged and remote code execution is supported for SSH X forwarding sessions. Thankfully for many modern X.Org Server environments these days, the X.Org Server is no longer run as root / elevated privileges but for older systems and in other select configurations unfortunately remains running in such a vulnerable configuration.
The CVE-2023-0494 vulnerability involves a use-after-free condition within DeepCopyPointerClasses for allowing reading and writing to freed memory via ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo().
More details on the latest X.Org security advisory via the xorg mailing list. The X Input security fix is available via this tiny patch. As a result of today's security disclosure, X.Org Server 21.1.7 has been released with this fix. There is also a handful of other fixes in X.Org Server 21.1.7: namely just two DIX fixes and then a handful of Apple macOS XQuartz patches.
It's been ten years already since a security researcher commented that the X.Org Server codebase security is "worse than it looks" and it continues to be the source of new security vulnerabilities for this still commonly used component to the Linux desktop.