=====================================================================

                                CERT-Renater

                     Note d'Information No. 2023/VULN055

_____________________________________________________________________

DATE                : 08/02/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running X.Org versions prior to 21.1.7.

=====================================================================
https://lists.x.org/archives/xorg/2023-February/061255.html
_____________________________________________________________________


X.Org Security Advisory: February 07, 2023

Security issue in the X server
==============================

This issue can lead to local privileges elevation on systems
where the X server is running privileged and remote code execution
for ssh X forwarding sessions.

* CVE-2023-0494/ZDI-CAN-19596: X.Org Server DeepCopyPointerClasses
use-after-free

A dangling pointer in DeepCopyPointerClasses can be exploited by
ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read/write
into freed memory.

Patches
-------
A patch for this issue has been committed to the xorg server git
repository. xorg-server 21.1.7 will be released shortly and will
include this patch.

- commit 0ba6d8c37071131a49790243cdac55392ecf71ec

   Xi: fix potential use-after-free in DeepCopyPointerClasses

   CVE-2023-0494, ZDI-CAN 19596


Thanks
======

The vulnerabilities have been discovered by Jan-Niklas Sohn
working with Trend Micro Zero Day Initiative.



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================