CVE-2023-0494: 
TigerVNC vulnerability analysis and mitigation

A vulnerability (CVE-2023-0494) was discovered in X.Org Server, identified on January 25, 2023. The vulnerability stems from a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() functions. This security flaw was discovered by Jan-Niklas Sohn working with Trend Micro Zero Day Initiative (X.Org Advisory).

The vulnerability occurs due to a use-after-free condition in the DeepCopyPointerClasses function, which can be exploited through ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. The issue has been assigned a CVSS 3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Ubuntu CVE).

The vulnerability can lead to local privilege elevation on systems where the X server runs with privileged access and enables remote code execution for SSH X forwarding sessions. This poses significant security risks for systems running the affected X.Org Server versions (MITRE CVE).

A fix has been released in xorg-server version 21.1.7 through a patch (commit 0ba6d8c37071131a49790243cdac55392ecf71ec). Multiple vendors have released security updates to address this vulnerability, including Red Hat, Ubuntu, and Debian. Users are advised to upgrade to the patched versions of the X.Org Server (X.Org Advisory, Red Hat Bugzilla).