The X.Org Server has a history of security vulnerabilities due to its outdated and poorly maintained code. The latest vulnerability, CVE-2023-0494, was revealed on Monday by the Trend Micro Zero Day Initiative. This vulnerability allows for local privilege escalation and remote code execution in systems where the X.Org Server runs with elevated privileges and supports SSH X forwarding.
Privilege escalation and remote code execution
Modern X.Org Server environments typically do not run with elevated privileges, but some older systems and specific configurations are still vulnerable. CVE-2023-0494 occurs from a use-after-free issue in DeepCopyPointerClasses, allowing access to freed memory through ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo().
More information on the latest X.Org security advisory can be found on the xorg mailing list. A fix for the X Input security issue is available through a small patch. As a result of the disclosure, X.Org Server 21.1.7 has been released, which includes the security fix and a few other fixes, such as two DIX fixes and several patches for Apple macOS XQuartz.
Despite being warned by a security researcher over a decade ago that the X.Org Server codebase has poor security, it remains a common component of the Linux desktop and continues to be a source of new security vulnerabilities.