
Bug 916388 (CVE-2023-5574)

Summary: x11-base/xorg-server: use-after-free bug
Product: Gentoo Security
Reporter: Hans de Graaff <graaff>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED
Severity: normal
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=916254
Whiteboard: C4 [upstream]
Package list:
Runtime testing required: ---

Description Hans de Graaff gentoo-dev Security 2023-10-28 09:29:24 UTC
From https://lists.x.org/archives/xorg-announce/2023-October/003430.html:

3) CVE-2023-5574: Use-after-free bug in DamageDestroy

Introduced in: xorg-server-1.13.0 (2012)
Found by: Sri working with Trend Micro Zero Day Initiative
Merge request tracking the fixes: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1189

This issue only affects Xvfb and requires a legacy multi-screen setup
with multiple protocol screens ("Zaphod").

Screen cleanup is handled via stackable "modules", but the fb module hardcoded
the cleanup path for the screen pixmap instead of calling into the next layer
of the stack. This caused a minor memory leak that was fixed with a patch to
Xvfb introduced in server 1.13. However, that patch did not remove all
references to the freed pixmap, causing a use-after-free during screen cleanup
in a lower module.

This issue has not yet been fixed, please see the above merge request to
track future fixes to this issue.
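
The stacked-cleanup failure described in the advisory can be seen in a small model. This is an added example, not code from the X server or from the advisory: every type and function name is hypothetical, a `live` flag stands in for `free()` so the stale access is counted instead of executed, and the "cleared" variant shows a general mitigation pattern, not the upstream fix.

```c
#include <stdio.h>
/* Simplified model, not xserver code; every name here is hypothetical. */
typedef struct { int live; } Pixmap;    /* live == 0 models "already freed" */
typedef struct Screen Screen;
typedef int (*CloseFn)(Screen *);
struct Screen {
    Pixmap *screen_pixmap;  /* reference visible to every layer of the stack */
    CloseFn close;          /* current top of the cleanup stack */
    CloseFn wrapped;        /* next (lower) layer, saved when the upper one wrapped it */
    int stale_uses;         /* number of times a freed pixmap was touched */
};
static void pixmap_free(Pixmap *p) { p->live = 0; }  /* stand-in for free() */

/* Lower layer: hardcodes cleanup of whatever screen pixmap it still finds. */
static int lower_close(Screen *s) {
    if (s->screen_pixmap) {
        if (!s->screen_pixmap->live) s->stale_uses++;  /* real code: use-after-free */
        else pixmap_free(s->screen_pixmap);
        s->screen_pixmap = NULL;
    }
    return 1;
}

/* Upper layer, incomplete: frees the pixmap but leaves the reference in place. */
static int upper_close_stale(Screen *s) {
    pixmap_free(s->screen_pixmap);
    s->close = s->wrapped;          /* unwrap, then call into the next layer */
    return s->close(s);
}

/* Upper layer, hardened: drops the reference before the lower layer runs. */
static int upper_close_cleared(Screen *s) {
    pixmap_free(s->screen_pixmap);
    s->screen_pixmap = NULL;
    s->close = s->wrapped;
    return s->close(s);
}

/* Runs one screen teardown and returns how many stale accesses occurred. */
static int teardown(CloseFn upper) {
    Pixmap pm = { 1 };
    Screen s = { &pm, upper, lower_close, 0 };
    s.close(&s);
    return s.stale_uses;
}

int main(void) {
    printf("stale reference: %d\n", teardown(upper_close_stale));
    printf("cleared reference: %d\n", teardown(upper_close_cleared));
    return 0;
}
```

Against a real build, running the affected teardown path under AddressSanitizer or Valgrind is how a stale access of this kind shows up.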