Medium severity4.7NVD Advisory· Published Oct 25, 2023· Updated Jun 23, 2026
CVE-2023-5380
CVE-2023-5380
Description
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
47cpe:/a:redhat:enterprise_linux:8::appstream+ 8 more
- cpe:/a:redhat:enterprise_linux:8::appstreamrange: 0:1.13.1-8.el8
- cpe:/a:redhat:enterprise_linux:8::crbrange: 0:1.20.11-22.el8
- cpe:/a:redhat:enterprise_linux:9::appstreamrange: 0:1.13.1-8.el9
- cpe:/a:redhat:enterprise_linux:9::crbrange: 0:1.20.11-24.el9
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- cpe:/o:redhat:enterprise_linux:7::clientrange: 0:1.8.0-26.el7_9
- cpe:/o:redhat:enterprise_linux:8
- cpe:/o:redhat:enterprise_linux:9
- osv-coords37 versionspkg:rpm/almalinux/tigervncpkg:rpm/almalinux/tigervnc-iconspkg:rpm/almalinux/tigervnc-licensepkg:rpm/almalinux/tigervnc-selinuxpkg:rpm/almalinux/tigervnc-serverpkg:rpm/almalinux/tigervnc-server-minimalpkg:rpm/almalinux/tigervnc-server-modulepkg:rpm/almalinux/xorg-x11-server-commonpkg:rpm/almalinux/xorg-x11-server-develpkg:rpm/almalinux/xorg-x11-server-sourcepkg:rpm/almalinux/xorg-x11-server-Xdmxpkg:rpm/almalinux/xorg-x11-server-Xephyrpkg:rpm/almalinux/xorg-x11-server-Xnestpkg:rpm/almalinux/xorg-x11-server-Xorgpkg:rpm/almalinux/xorg-x11-server-Xvfbpkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/xorg-x11-server&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/xwayland&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Manager%20Server%204.2
< 1.13.1-8.el9+ 36 more
- (no CPE)range: < 1.13.1-8.el9
- (no CPE)range: < 1.13.1-8.el9
- (no CPE)range: < 1.13.1-8.el9
- (no CPE)range: < 1.13.1-8.el9
- (no CPE)range: < 1.13.1-8.el9
- (no CPE)range: < 1.13.1-8.el9
- (no CPE)range: < 1.13.1-8.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.11-24.el9
- (no CPE)range: < 1.20.3-150400.38.29.1
- (no CPE)range: < 21.1.4-150500.7.7.1
- (no CPE)range: < 23.2.2-1.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150400.38.29.1
- (no CPE)range: < 21.1.4-150500.7.7.1
- (no CPE)range: < 1.20.3-150400.38.29.1
- (no CPE)range: < 21.1.4-150500.7.7.1
- (no CPE)range: < 1.19.6-10.56.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.19.6-10.56.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.19.6-10.56.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
- (no CPE)range: < 1.20.3-150200.22.5.79.1
Patches
Vulnerability mechanics
References
18- lists.x.org/archives/xorg-announce/2023-October/003430.htmlnvdPatchVendor Advisory
- access.redhat.com/errata/RHSA-2023:7428nvdThird Party Advisory
- access.redhat.com/security/cve/CVE-2023-5380nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
- access.redhat.com/errata/RHSA-2024:2169nvd
- access.redhat.com/errata/RHSA-2024:2298nvd
- access.redhat.com/errata/RHSA-2024:2995nvd
- access.redhat.com/errata/RHSA-2024:3067nvd
- lists.debian.org/debian-lts-announce/2023/10/msg00036.htmlnvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/nvd
- security.gentoo.org/glsa/202401-30nvd
- security.netapp.com/advisory/ntap-20231130-0004/nvd
- www.debian.org/security/2023/dsa-5534nvd
News mentions
0No linked articles in our index yet.