Description
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
References
https://security.gentoo.org/glsa/202305-30
Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/03/29/1
Mailing List, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 · High
CVSS V3.1
Information
Source identifier
Vulnerability status
Modified
Published
2023-03-30T21:15:06.557
2 years ago
Last modified
2025-02-14T16:15:32.567
5 months ago