Unrated severity · NVD Advisory · Published Oct 25, 2023 · Updated Nov 20, 2025
Xorg-x11-server: use-after-free bug in destroywindow
CVE-2023-5380
Description
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
Affected products (46)
- Red Hat/Red Hat Enterprise Linux 8 (v5, 3 versions)
  - cpe:/a:redhat:enterprise_linux:8::appstream, range: 0:1.13.1-8.el8
  - cpe:/a:redhat:enterprise_linux:8::crb, range: 0:1.20.11-22.el8
  - cpe:/o:redhat:enterprise_linux:8
- Red Hat/Red Hat Enterprise Linux 9 (v5, 3 versions)
  - cpe:/a:redhat:enterprise_linux:9::appstream, range: 0:1.13.1-8.el9
  - cpe:/a:redhat:enterprise_linux:9::crb, range: 0:1.20.11-24.el9
  - cpe:/o:redhat:enterprise_linux:9
- Red Hat/Red Hat Enterprise Linux 6 (v5)
  - cpe:/o:redhat:enterprise_linux:6
- Red Hat/Red Hat Enterprise Linux 7 (v5, 2 versions)
  - cpe:/o:redhat:enterprise_linux:7
  - cpe:/o:redhat:enterprise_linux:7::client, range: 0:1.8.0-26.el7_9
- osv-coords (37 versions), range: < 1.13.1-8.el9 + 36 more
Patches (0)
No patches discovered yet.
References (8)
- access.redhat.com/errata/RHSA-2023:7428 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:2169 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:2298 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:2995 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:3067 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2023-5380 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- lists.x.org/archives/xorg-announce/2023-October/003430.html (mitre)