• 公告ID (KylinSec-SA-2023-1356)

摘要:

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

安全等级: Low

公告ID: KylinSec-SA-2023-1356

发布日期: 2023年5月19日

关联CVE: CVE-2023-1393  

  • 详细介绍

1. 漏洞描述

   

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

2. 影响范围

cve名称 产品 组件 是否受影响
CVE-2023-1393 KY3.4-4A tigervnc Unaffected
CVE-2023-1393 KY3.4-5 tigervnc Unaffected
CVE-2023-1393 KY3.5.1 tigervnc Unaffected
CVE-2023-1393 KY3.5.2 tigervnc Unaffected

3. 影响组件

    无

4. 修复版本

    无

5. 修复方法

   无

6. 下载链接

    无
上一篇:KylinSec-SA-2023-1355 下一篇:KylinSec-SA-2023-1358