CVE-2023-5380 MEDIUM

CVE-2023-5380: Xorg-x11-server: use-after-free bug in destroywindow

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-416
Published October 25, 2023
Last update November 20, 2025

CVSS base score

4.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

Key dates

02Disclosure timeline

October 25, 2023 CVE published
November 20, 2025 Record updated