CVE-2023-45913

MEDIUM6.2

Mesa v23

Published Mar 27, 2024

Modified 2 months ago

No fix available

Details

Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.

References

WEBhttp://packetstormsecurity.com/files/176800/Mesa-23.0.4-Null-Pointer.html WEBhttp://seclists.org/fulldisclosure/2024/Jan/28 WEBhttps://gitlab.freedesktop.org/mesa/mesa/-/issues/9856 WEBhttps://seclists.org/fulldisclosure/2024/Jan/71 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2023-45913

CVSS Analysis

CVSS v3.1

6.2

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

6.2/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMar 27, 2024

ModifiedNov 4, 2025