Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Trend Micro Uncovers Yet Another X.Org Server Vulnerability: CVE-2023-1393

Written by Michael Larabel in X.Org on 29 March 2023 at 08:30 AM EDT. 305 Comments

X.ORG

For over a decade now the X.Org Server has been seeing routine security disclosures in its massive codebase with some security researchers saying it's even worse than it looks and security researchers frequently finding multiple vulnerabilities at a time in the large and aging code-base that these days rarely sees new feature work. Today another disclosure was made by the folks with the Trend Micro Zero Day Initiative.

CVE-2023-1393 is a use-after-free vulnerability where it could lead to local privilege escalation if the xorg-server is still running as root and remote code execution for SSH X forwarding sessions.

If a client explicitly destroys the compositor overlay window, the X.Org Server leaves a dangling pointer to that window and will trigger a use-after-free later on.

The disclosure was made a few minutes ago on the mailing list.

CVE-2023-1393

The two-line fix was made to the X.Org Server Git codebase and will be incorporated into the next xorg-server release. Fortunately at least many are able to run the X.Org Server without root privileges in recent years though some still do not, particularly on some other non-Linux X.Org Server environments.

305 Comments

Related News

X.Org Server Change Allows GLAMOR To Fallback To Software Rendering For Obsolete GPUs

Explicit GPU Synchronization Merged For XWayland

X.Org Server & XWayland Hit By Four More Security Issues

The X.Org Foundation Needs More Candidates To Hold An Election

X.Org Server Clears Out Remnants For Supporting Old Compilers

X.Org Server & XWayland Updated Due To Another Six Security Vulnerabilities

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Fedora Linux 40 Available For Download As A Wonderful Upgrade

AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"

Systemd 256-rc1 Brings A Huge Number Of New Features

NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver

Microsoft Open-Sources MS-DOS 4.0 Under MIT License

GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance

Ubuntu 24.04 LTS Downloads Now Available

GNOME Working To Make Key Rack A Viable Password Manager, Better Printing For Flatpaks