CVE-2023-5367
📋 TL;DR
CVE-2023-5367 is an out-of-bounds write vulnerability in xorg-x11-server (the X.Org X server) that allows an attacker to write beyond an allocated heap buffer. It could lead to privilege escalation or denial of service on systems running vulnerable X11 server versions. Affected systems include Linux distributions shipping vulnerable xorg-x11-server packages.
💻 Affected Systems
- xorg-x11-server
- X.Org X Server
📦 What is this software?
- Enterprise Linux For Ibm Z Systems by Redhat
- Enterprise Linux For Power Big Endian by Redhat
- Enterprise Linux For Power Little Endian by Redhat
- Enterprise Linux For Scientific Computing by Redhat
- Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains root privileges through memory corruption leading to arbitrary code execution
Likely Case
Local privilege escalation or system crash/denial of service
If Mitigated
Limited to denial of service if exploit fails or system has additional protections
🎯 Exploit Status
Requires local access and knowledge of X11 protocol manipulation
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: xorg-x11-server-1.20.11-13.el8_8.1 (RHEL 8), xorg-x11-server-1.20.11-13.el9_2.1 (RHEL 9), or later
Vendor Advisory: https://access.redhat.com/errata/RHSA-2023:6802
Restart Required: Yes
Instructions:
1. Update the xorg-x11-server package using the system package manager.
2. For RHEL/CentOS: 'sudo yum update xorg-x11-server'.
3. Restart the X11 server or reboot the system.
🔧 Temporary Workarounds
Disable X11 if not needed
Remove or disable the X11 server on systems where a graphical interface is not required (Linux):
sudo systemctl set-default multi-user.target
sudo systemctl isolate multi-user.target
Note that this only stops the graphical target; the vulnerable package remains installed, so it should still be updated as soon as the fixed version can be deployed.
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable X11 servers
- Implement strict access controls and monitor for suspicious X11-related activity
🔍 How to Verify
Check if Vulnerable:
Check the xorg-x11-server version: 'rpm -q xorg-x11-server' or 'Xorg -version'
Check Version:
rpm -q xorg-x11-server --queryformat '%{VERSION}-%{RELEASE}\n'
Verify Fix Applied:
Verify the updated version is installed: 'rpm -q xorg-x11-server | grep -E "1\.20\.11-13\.el(8_8|9_2)\.1"'. An exact-match grep does not recognise later rebuilds, so also confirm the fix through the package changelog: 'rpm -q --changelog xorg-x11-server | grep CVE-2023-5367'.
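As an added example (not part of the advisory), the POSIX shell script below turns the version check above into a comparison against the fixed VERSION-RELEASE for the RHEL 8 and RHEL 9 branches, so that later rebuilds are also recognised as fixed. It assumes the '%{VERSION}-%{RELEASE}' queryformat output as input and uses a simplified rpmvercmp ordering (an assumption, adequate for these version strings).

```shell
#!/bin/sh
# Fixed VERSION-RELEASE strings from RHSA-2023:6802, keyed by RHEL branch.
FIXED_EL8="1.20.11-13.el8_8.1"
FIXED_EL9="1.20.11-13.el9_2.1"

# Split a version-release string into space-separated segments,
# e.g. "1.20.11-13.el8_8.1" -> "1 20 11 13 el 8 8 1".
tokens() {
    printf '%s' "$1" | sed -e 's/[-._]/ /g' -e 's/\([a-zA-Z]\)\([0-9]\)/\1 \2/g'
}

# Print -1, 0 or 1 when $1 is older than, equal to, or newer than $2.
# Simplified rpmvercmp (assumption): expr compares numeric segments
# numerically and others lexically; the string that runs out first is older.
vercmp() {
    a=$(tokens "$1"); b=$(tokens "$2"); i=1
    while :; do
        x=$(printf '%s\n' "$a" | cut -d' ' -f"$i")
        y=$(printf '%s\n' "$b" | cut -d' ' -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then printf '%s\n' 0; return; fi
        if [ -z "$x" ]; then printf '%s\n' -1; return; fi
        if [ -z "$y" ]; then printf '%s\n' 1; return; fi
        if [ "$(expr "$x" \< "$y")" -eq 1 ]; then printf '%s\n' -1; return; fi
        if [ "$(expr "$x" \> "$y")" -eq 1 ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
}

# Exit 0 if VERSION-RELEASE $1 carries the fix for its branch, 1 if it is
# older, 2 if it is not an el8/el9 build covered by this advisory.
is_fixed() {
    case "$1" in
        *el8*) fixed=$FIXED_EL8 ;;
        *el9*) fixed=$FIXED_EL9 ;;
        *) return 2 ;;
    esac
    [ "$(vercmp "$1" "$fixed")" -ge 0 ]
}

# Usage: sh check_xorg.sh                 (queries rpm on this host)
#        sh check_xorg.sh 1.20.11-12.el8  (checks a given version-release)
if [ $# -gt 0 ]; then
    vr=$1
elif command -v rpm >/dev/null 2>&1; then
    vr=$(rpm -q xorg-x11-server --queryformat '%{VERSION}-%{RELEASE}')
fi
if [ -n "${vr:-}" ]; then
    if is_fixed "$vr"; then echo "$vr: fixed"; else echo "$vr: NOT fixed"; fi
fi
```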
📡 Detection & Monitoring
Log Indicators:
- X11 server crashes
- Segmentation faults in Xorg process
- Abnormal X11 property modification attempts
Network Indicators:
- Not applicable - local exploit only
SIEM Query:
process.name:"Xorg" AND (event.action:"segmentation_fault" OR event.outcome:"failure")
🔗 References
- https://access.redhat.com/errata/RHSA-2023:6802
- https://access.redhat.com/errata/RHSA-2023:6808
- https://access.redhat.com/errata/RHSA-2023:7373
- https://access.redhat.com/errata/RHSA-2023:7388
- https://access.redhat.com/errata/RHSA-2023:7405
- https://access.redhat.com/errata/RHSA-2023:7428
- https://access.redhat.com/errata/RHSA-2023:7436
- https://access.redhat.com/errata/RHSA-2023:7526
- https://access.redhat.com/errata/RHSA-2023:7533
- https://access.redhat.com/errata/RHSA-2024:0010
- https://access.redhat.com/errata/RHSA-2024:0128
- https://access.redhat.com/errata/RHSA-2024:2169
- https://access.redhat.com/errata/RHSA-2024:2170
- https://access.redhat.com/errata/RHSA-2024:2995
- https://access.redhat.com/errata/RHSA-2024:2996
- https://access.redhat.com/errata/RHSA-2025:12751
- https://access.redhat.com/security/cve/CVE-2023-5367
- https://bugzilla.redhat.com/show_bug.cgi?id=2243091
- https://lists.x.org/archives/xorg-announce/2023-October/003430.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
- https://security.gentoo.org/glsa/202401-30
- https://security.netapp.com/advisory/ntap-20231130-0004/
- https://www.debian.org/security/2023/dsa-5534