Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2023-5367

HIGH7.8

Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty

Published Oct 25, 2023

Modified 2 months ago

No fix available

Details

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

References

ADVISORYhttps://access.redhat.com/errata/RHSA-2023:6802 ADVISORYhttps://access.redhat.com/errata/RHSA-2023:6808 ADVISORYhttps://access.redhat.com/errata/RHSA-2023:7373 ADVISORYhttps://access.redhat.com/errata/RHSA-2023:7388 ADVISORYhttps://access.redhat.com/errata/RHSA-2023:7405 ADVISORYhttps://access.redhat.com/errata/RHSA-2023:7428 ADVISORYhttps://access.redhat.com/errata/RHSA-2023:7436 ADVISORYhttps://access.redhat.com/errata/RHSA-2023:7526 ADVISORYhttps://access.redhat.com/errata/RHSA-2023:7533 ADVISORYhttps://access.redhat.com/errata/RHSA-2024:0010 ADVISORYhttps://access.redhat.com/errata/RHSA-2024:0128 ADVISORYhttps://access.redhat.com/errata/RHSA-2024:2169 ADVISORYhttps://access.redhat.com/errata/RHSA-2024:2170 ADVISORYhttps://access.redhat.com/errata/RHSA-2024:2995 ADVISORYhttps://access.redhat.com/errata/RHSA-2024:2996 ADVISORYhttps://access.redhat.com/errata/RHSA-2025:12751 WEBhttps://access.redhat.com/security/cve/CVE-2023-5367 WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2243091 WEBhttps://lists.debian.org/debian-lts-announce/2023/10/msg00036.html WEBhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/WEBhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/WEBhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/WEBhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/WEBhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/WEBhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/WEBhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/WEBhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/WEBhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/WEBhttps://lists.x.org/archives/xorg-announce/2023-October/003430.html WEBhttps://security.gentoo.org/glsa/202401-30 WEBhttps://security.netapp.com/advisory/ntap-20231130-0004/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2023-5367 WEBhttps://www.debian.org/security/2023/dsa-5534

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Memory Safety

Out-of-bounds Write

Ecosystems

Timeline

PublishedOct 25, 2023

ModifiedNov 6, 2025

CVE-2023-5367 | Mondoo Vulnerability Intelligence