CVE-2023-5380

MEDIUMMonitor

Published:Oct 25, 2023(2 years ago)

Modified:Nov 4, 2025

Local AccessNo Interaction

Vulnerability Description

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

Attack Characteristics

Local AccessHigh ComplexityLow PrivilegesNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
x.org	x_server	21.1.9	-
x.org	xwayland	23.2.2	-
redhat	enterprise_linux	-

Timeline

Published
CVE disclosed publicly
Oct 25, 20232 years ago
Last Modified
Most recent update
Nov 4, 20256 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://access.redhat.com/errata/RHSA-2023:7428Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2298
https://access.redhat.com/errata/RHSA-2024:2995

CVSS Score

v3.1

4.7/ 10.0

MEDIUM

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

At a Glance

Affected Products

References

x.org / x_server

https://access.redhat.com/errata/RHSA-2024:3067

https://access.redhat.com/security/cve/CVE-2023-5380Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2244736Issue Tracking

https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlPatch

https://access.redhat.com/errata/RHSA-2023:7428Third Party Advisory

https://access.redhat.com/errata/RHSA-2024:2169

https://access.redhat.com/errata/RHSA-2024:2298

https://access.redhat.com/errata/RHSA-2024:2995

https://access.redhat.com/errata/RHSA-2024:3067

https://access.redhat.com/security/cve/CVE-2023-5380Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2244736Issue Tracking

https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.f...

https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlPatch

https://security.gentoo.org/glsa/202401-30

https://security.netapp.com/advisory/ntap-20231130-0004/

https://www.debian.org/security/2023/dsa-5534

CVSS v3 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability

Attack VectorLocal

Attack ComplexityHigh

Privileges RequiredLow

User InteractionNone

Impact

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityHigh

Impact Analysis

ConfidentialityNone

NoneLowHigh

IntegrityNone

NoneLowHigh

AvailabilityHigh

NoneLowHigh

CVE-2023-5380

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description