CVE-2023-5367

Name: CVE-2023-5367
Creator: NVD / NIST
Published: 2023-10-25T20:15:18.323+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.62%

Last modified Jun 23, 2026

CVE-2023-5367 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.. EPSS estimates a 0.62% chance of exploitation in the next 30 days.

Description

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.62%

45.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
X.Org	X Server	< 21.1.9
X.Org	Xwayland	< 23.2.2
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux	9.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux For Ibm Z Systems	7.0_s390x
Redhat	Enterprise Linux For Power Big Endian	7.0_ppc64
Redhat	Enterprise Linux For Power Little Endian	7.0_ppc64le
Redhat	Enterprise Linux For Scientific Computing	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Workstation	7.0
Fedoraproject	Fedora	37
Fedoraproject	Fedora	38
Fedoraproject	Fedora	39
Debian	Debian Linux	11.0
Debian	Debian Linux	12.0

References

https://access.redhat.com/errata/RHSA-2023:6802Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6808Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7373Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7388Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7405Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7428Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7436Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7526Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7533Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0010Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0128Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2170
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:2996
https://access.redhat.com/errata/RHSA-2025:12751
https://access.redhat.com/security/cve/CVE-2023-5367Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2243091Issue Tracking, Third Party Advisory
https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlPatch, Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:6802Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6808Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7373Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7388Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7405Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7428Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7436Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7526Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7533Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0010Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0128Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2170
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:2996
https://access.redhat.com/security/cve/CVE-2023-5367Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2243091Issue Tracking, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/
https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlPatch, Vendor Advisory
https://security.gentoo.org/glsa/202401-30
https://security.netapp.com/advisory/ntap-20231130-0004/
https://www.debian.org/security/2023/dsa-5534

Timeline

Published: Oct 25, 2023
Last Modified: Jun 23, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-5367?

How severe is CVE-2023-5367?

CVE-2023-5367 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.62% probability of exploitation in the next 30 days.

How do I fix CVE-2023-5367?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-5367?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST