CVE-2023-45913
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
27/03/2024
Last modified:
04/11/2025
Description
Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.
Impact
Base Score 3.x
6.20
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mesa3d:mesa:23.0.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/fulldisclosure/2024/Jan/28
- https://gitlab.freedesktop.org/mesa/mesa/-/issues/9856
- https://seclists.org/fulldisclosure/2024/Jan/71
- http://packetstormsecurity.com/files/176800/Mesa-23.0.4-Null-Pointer.html
- http://seclists.org/fulldisclosure/2024/Jan/28
- https://gitlab.freedesktop.org/mesa/mesa/-/issues/9856
- https://seclists.org/fulldisclosure/2024/Jan/71