Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-wh9v-35ju-vbcb
Vulnerability ID VCID-wh9v-35ju-vbcb
Aliases CVE-2023-0494
Summary Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation or remote code execution.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0494.json
epss 0.00613 https://api.first.org/data/v1/epss?cve=CVE-2023-0494
epss 0.00613 https://api.first.org/data/v1/epss?cve=CVE-2023-0494
epss 0.00613 https://api.first.org/data/v1/epss?cve=CVE-2023-0494
epss 0.00613 https://api.first.org/data/v1/epss?cve=CVE-2023-0494
epss 0.00613 https://api.first.org/data/v1/epss?cve=CVE-2023-0494
epss 0.00613 https://api.first.org/data/v1/epss?cve=CVE-2023-0494
epss 0.00613 https://api.first.org/data/v1/epss?cve=CVE-2023-0494
epss 0.00613 https://api.first.org/data/v1/epss?cve=CVE-2023-0494
epss 0.00711 https://api.first.org/data/v1/epss?cve=CVE-2023-0494
cvssv3.1 7.8 https://bugzilla.redhat.com/show_bug.cgi?id=2165995
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2165995
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.8 https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
ssvc Track https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
cvssv3.1 7.8 https://lists.x.org/archives/xorg-announce/2023-February/003320.html
ssvc Track https://lists.x.org/archives/xorg-announce/2023-February/003320.html
cvssv3.1 7.8 https://security.gentoo.org/glsa/202305-30
ssvc Track https://security.gentoo.org/glsa/202305-30
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0494.json
https://api.first.org/data/v1/epss?cve=CVE-2023-0494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0494
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
003320.html https://lists.x.org/archives/xorg-announce/2023-February/003320.html
0ba6d8c37071131a49790243cdac55392ecf71ec https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
1030777 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030777
2165995 https://bugzilla.redhat.com/show_bug.cgi?id=2165995
GLSA-202305-30 https://security.gentoo.org/glsa/202305-30
RHSA-2023:0622 https://access.redhat.com/errata/RHSA-2023:0622
RHSA-2023:0623 https://access.redhat.com/errata/RHSA-2023:0623
RHSA-2023:0662 https://access.redhat.com/errata/RHSA-2023:0662
RHSA-2023:0663 https://access.redhat.com/errata/RHSA-2023:0663
RHSA-2023:0664 https://access.redhat.com/errata/RHSA-2023:0664
RHSA-2023:0665 https://access.redhat.com/errata/RHSA-2023:0665
RHSA-2023:0671 https://access.redhat.com/errata/RHSA-2023:0671
RHSA-2023:0675 https://access.redhat.com/errata/RHSA-2023:0675
RHSA-2023:2248 https://access.redhat.com/errata/RHSA-2023:2248
RHSA-2023:2249 https://access.redhat.com/errata/RHSA-2023:2249
RHSA-2023:2805 https://access.redhat.com/errata/RHSA-2023:2805
RHSA-2023:2806 https://access.redhat.com/errata/RHSA-2023:2806
RHSA-2025:12751 https://access.redhat.com/errata/RHSA-2025:12751
USN-5778-2 https://usn.ubuntu.com/5778-2/
USN-5846-1 https://usn.ubuntu.com/5846-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0494.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2165995
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T17:41:52Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2165995
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T17:41:52Z/ Found at https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.x.org/archives/xorg-announce/2023-February/003320.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T17:41:52Z/ Found at https://lists.x.org/archives/xorg-announce/2023-February/003320.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202305-30
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T17:41:52Z/ Found at https://security.gentoo.org/glsa/202305-30
Exploit Prediction Scoring System (EPSS)
Percentile 0.69776
EPSS Score 0.00613
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:27.111232+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202305-30 38.0.0