CVE-2023-0494

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0494

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0494.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-0494

Downstream

BELL-CVE-2023-0494

DEBIAN-CVE-2023-0494

DLA-3310-1

DSA-5342-1

MGASA-2023-0118

OESA-2023-1127

RHSA-2023:0622

RHSA-2023:0623

RHSA-2023:0662

RHSA-2023:0663

RHSA-2023:0664

RHSA-2023:0665

RHSA-2023:0671

RHSA-2023:0675

RHSA-2023:2248

RHSA-2023:2249

RHSA-2023:2805

RHSA-2023:2806

RHSA-2025:12751

RLSA-2023:0622

RLSA-2023:0662

SUSE-SU-2023:0282-1

SUSE-SU-2023:0284-1

SUSE-SU-2023:0285-1

SUSE-SU-2023:0286-1

SUSE-SU-2023:0287-1

SUSE-SU-2023:0288-1

SUSE-SU-2023:0289-1

UBUNTU-CVE-2023-0494

USN-5778-2

USN-5846-1

openSUSE-SU-2024:12664-1

openSUSE-SU-2024:12665-1

Related

Published

2023-03-27T00:00:00Z

Modified

2026-05-15T11:53:22.693502735Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

Database specific

{
    "cwe_ids": [
        "CWE-416"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0494.json",
    "cna_assigner": "redhat"
}

References

Affected packages