CVE-2023-45922
CVE-2023-45922 is a medium-severity vulnerability in Mesa3d Mesa with a CVSS 3.x base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-754.
Key facts
- Severity: Medium (CVSS 3.x base score 4.3)
- EPSS exploit prediction: 1% (41st percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2023-50185
- Weakness: CWE-754
- Affected product: Mesa3d Mesa
- Published:
- Last modified:
Description
glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.
Frequently asked questions
- What is CVE-2023-45922?
- glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.
- How severe is CVE-2023-45922?
- CVE-2023-45922 has a CVSS 3.x base score of 4.3, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity low, and availability none.
- Is CVE-2023-45922 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (41st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-45922?
- CVE-2023-45922 affects Mesa3d Mesa. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-45922?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2023-45922 have an EU (EUVD) identifier?
- Yes. CVE-2023-45922 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2023-50185.
- When was CVE-2023-45922 published?
- CVE-2023-45922 was published on 2024-03-27 and last updated on 2026-06-17.
References
- http://seclists.org/fulldisclosure/2024/Jan/50
- http://seclists.org/fulldisclosure/2024/Jan/71
- https://gitlab.freedesktop.org/mesa/mesa/-/issues/9857
- http://packetstormsecurity.com/files/176805/Mesa-23.0.4-Buffer-Overflow-Null-Pointer.html
Affected products (1)
- cpe:2.3:a:mesa3d:mesa:23.0.4:*:*:*:*:*:*:*
More vulnerabilities in Mesa3d Mesa
- CVE-2026-40393 — High (CVSS 8.1): In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of…
- CVE-2023-45931 — High (CVSS 7.5): Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is…
- CVE-2013-1872 — Medium (CVSS 6.8): The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable…
- CVE-2013-1993 — Medium (CVSS 6.8): Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of…
- CVE-2023-45913 — Medium (CVSS 6.2): Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId().…
- CVE-2023-45919 — Medium (CVSS 5.3): Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because…
All CVEs affecting Mesa3d Mesa →
Other CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities
- CVE-2026-24054 — Critical (CVSS 10.0): Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs)…
- CVE-2021-0211 — Critical (CVSS 10.0): An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing…
- CVE-2026-8091 — Critical (CVSS 9.8): Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150,…
- CVE-2024-52316 — Critical (CVSS 9.8): Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta…
- CVE-2024-7826 — Critical (CVSS 9.8): Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows,…
- CVE-2023-37303 — Critical (CVSS 9.8): An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to…
Browse all CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities →