High severity7.8NVD Advisory· Published Oct 25, 2023· Updated Jun 23, 2026
CVE-2023-5367
CVE-2023-5367
Description
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
58cpe:/a:redhat:enterprise_linux:8::appstream+ 5 more
- cpe:/a:redhat:enterprise_linux:8::appstreamrange: 0:21.1.3-15.el8
- cpe:/a:redhat:enterprise_linux:8::crbrange: 0:1.20.11-22.el8
- cpe:/a:redhat:enterprise_linux:9::appstreamrange: 0:22.1.9-5.el9
- cpe:/a:redhat:enterprise_linux:9::crbrange: 0:1.20.11-24.el9
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7::clientrange: 0:1.8.0-26.el7_9
cpe:/a:redhat:rhel_aus:8.2::appstream+ 2 more
- cpe:/a:redhat:rhel_aus:8.2::appstreamrange: 0:1.9.0-15.el8_2.4
- cpe:/a:redhat:rhel_e4s:8.1::appstreamrange: 0:1.9.0-16.el8_1.4
- cpe:/a:redhat:rhel_e4s:8.4::appstreamrange: 0:1.11.0-8.el8_4.3
- Red Hat/Red Hat Enterprise Linux 8.6 Extended Update Supportv5cpe:/a:redhat:rhel_eus:8.6::appstreamRange: 0:1.12.0-6.el8_6.4
- Red Hat/Red Hat Enterprise Linux 8.8 Extended Update Supportv5cpe:/a:redhat:rhel_eus:8.8::appstreamRange: 0:1.12.0-15.el8_8.1
- Red Hat/Red Hat Enterprise Linux 9.0 Extended Update Supportv5cpe:/a:redhat:rhel_eus:9.0::appstreamRange: 0:1.11.0-22.el9_0.3
- Red Hat/Red Hat Enterprise Linux 9.2 Extended Update Supportv5cpe:/a:redhat:rhel_eus:9.2::appstreamRange: 0:1.12.0-14.el9_2
- Red Hat/Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONv5cpe:/o:redhat:rhel_els:6Range: 0:1.1.0-25.el6_10.13
- osv-coords43 versionspkg:rpm/almalinux/tigervncpkg:rpm/almalinux/tigervnc-iconspkg:rpm/almalinux/tigervnc-licensepkg:rpm/almalinux/tigervnc-selinuxpkg:rpm/almalinux/tigervnc-serverpkg:rpm/almalinux/tigervnc-server-minimalpkg:rpm/almalinux/tigervnc-server-modulepkg:rpm/almalinux/xorg-x11-server-commonpkg:rpm/almalinux/xorg-x11-server-develpkg:rpm/almalinux/xorg-x11-server-sourcepkg:rpm/almalinux/xorg-x11-server-Xdmxpkg:rpm/almalinux/xorg-x11-server-Xephyrpkg:rpm/almalinux/xorg-x11-server-Xnestpkg:rpm/almalinux/xorg-x11-server-Xorgpkg:rpm/almalinux/xorg-x11-server-Xvfbpkg:rpm/almalinux/xorg-x11-server-Xwaylandpkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/xwayland&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/xwayland&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/xwayland&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/xwayland&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4pkg:rpm/suse/xwayland&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
< 1.13.1-3.el9_3.3.alma.1+ 42 more
- (no CPE)range: < 1.13.1-3.el9_3.3.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.3.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.3.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.3.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.3.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.3.alma.1
- (no CPE)range: < 1.13.1-3.el9_3.3.alma.1
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 22.1.9-5.el9
- (no CPE)range: < 1.20.3-150400.38.29.1
- (no CPE)range: < 21.1.4-150500.7.7.1
- (no CPE)range: < 21.1.9-1.1
- (no CPE)range: < 21.1.4-150400.3.20.1
- (no CPE)range: < 22.1.5-150500.7.5.1
- (no CPE)range: < 23.2.2-1.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150400.38.29.1
- (no CPE)range: < 21.1.4-150500.7.7.1
- (no CPE)range: < 1.20.3-150400.38.29.1
- (no CPE)range: < 21.1.4-150500.7.7.1
- (no CPE)range: < 1.19.6-10.56.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.19.6-10.56.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.19.6-10.56.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 21.1.4-150400.3.20.1
- (no CPE)range: < 22.1.5-150500.7.5.1
Patches
Vulnerability mechanics
References
32- lists.x.org/archives/xorg-announce/2023-October/003430.htmlnvdPatchVendor Advisory
- access.redhat.com/errata/RHSA-2023:6802nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2023:6808nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2023:7373nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2023:7388nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2023:7405nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2023:7428nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2023:7436nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2023:7526nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2023:7533nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2024:0010nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2024:0128nvdThird Party Advisory
- access.redhat.com/security/cve/CVE-2023-5367nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- access.redhat.com/errata/RHSA-2024:2169nvd
- access.redhat.com/errata/RHSA-2024:2170nvd
- access.redhat.com/errata/RHSA-2024:2995nvd
- access.redhat.com/errata/RHSA-2024:2996nvd
- access.redhat.com/errata/RHSA-2025:12751nvd
- lists.debian.org/debian-lts-announce/2023/10/msg00036.htmlnvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/nvd
- security.gentoo.org/glsa/202401-30nvd
- security.netapp.com/advisory/ntap-20231130-0004/nvd
- www.debian.org/security/2023/dsa-5534nvd
News mentions
0No linked articles in our index yet.