CVE-2023-45913 — NULL Pointer Dereference in Mesa

CWE-476 — NULL Pointer Dereference6 documents5 sources
Severity
6.2MEDIUMNVD
EPSS
0.0%
top 96.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mesa3d Mesa
Timeline
PublishedMar 27

Description

Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages1 packages

â–¶NVDmesa3d/mesa23.0.4

🔴Vulnerability Details

4
OSV
CVE-2023-45913: ** DISPUTED ** Mesa v23↗2024-03-27
â–¶
CVEList
CVE-2023-45913: Mesa v23↗2024-03-27
â–¶
OSV
CVE-2023-45913: Mesa v23↗2024-03-27
â–¶
GHSA
GHSA-q4fq-56x3-rq98: Mesa v23↗2024-03-27
â–¶

📋Vendor Advisories

1
Debian
CVE-2023-45913: mesa - Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the functi...↗2023
â–¶
CVE-2023-45913 — NULL Pointer Dereference in Mesa | cvebase