Trend Micro Uncovers Yet Another X.Org Server Vulnerability: CVE-2023-1393
For over a decade now the X.Org Server has been seeing routine security disclosures in its massive codebase with some security researchers saying it's even worse than it looks and security researchers frequently finding multiple vulnerabilities at a time in the large and aging code-base that these days rarely sees new feature work. Today another disclosure was made by the folks with the Trend Micro Zero Day Initiative.
CVE-2023-1393 is a use-after-free vulnerability where it could lead to local privilege escalation if the xorg-server is still running as root and remote code execution for SSH X forwarding sessions.
If a client explicitly destroys the compositor overlay window, the X.Org Server leaves a dangling pointer to that window and will trigger a use-after-free later on.
The disclosure was made a few minutes ago on the mailing list.
The two-line fix was made to the X.Org Server Git codebase and will be incorporated into the next xorg-server release. Fortunately at least many are able to run the X.Org Server without root privileges in recent years though some still do not, particularly on some other non-Linux X.Org Server environments.
CVE-2023-1393 is a use-after-free vulnerability where it could lead to local privilege escalation if the xorg-server is still running as root and remote code execution for SSH X forwarding sessions.
If a client explicitly destroys the compositor overlay window, the X.Org Server leaves a dangling pointer to that window and will trigger a use-after-free later on.
The disclosure was made a few minutes ago on the mailing list.
The two-line fix was made to the X.Org Server Git codebase and will be incorporated into the next xorg-server release. Fortunately at least many are able to run the X.Org Server without root privileges in recent years though some still do not, particularly on some other non-Linux X.Org Server environments.
305 Comments