CVE-2023-6377
HIGH EPSS 72.5%
Published Dec 13, 20232y ago · Modified Jun 23, 20266d ago
7.8 CVSS 3.1
Published Dec 13, 2023 2y ago
Last Modified Jun 23, 2026 6d ago
Description
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
72.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-125 Out-of-bounds Read Memory Safety
Affected Products 17
| Vendor | Product | Version | Range |
|---|---|---|---|
| redhat | enterprise_linux_eus | 9.2 | any |
| debian | debian_linux | 10.0 | any |
| debian | debian_linux | 11.0 | any |
| debian | debian_linux | 12.0 | any |
| x.org | x_server | * | <21.1.10 |
| redhat | enterprise_linux | 6.0 | any |
| redhat | enterprise_linux | 7.0 | any |
| redhat | enterprise_linux | 8.0 | any |
| redhat | enterprise_linux | 9.0 | any |
| x.org | xwayland | * | <23.2.3 |
| redhat | enterprise_linux | 8.0 | any |
| redhat | enterprise_linux | 9.0 | any |
| tigervnc | tigervnc | * | any |
| redhat | enterprise_linux | 6.0 | any |
| redhat | enterprise_linux | 7.0 | any |
| redhat | enterprise_linux | 8.0 | any |
| redhat | enterprise_linux | 9.0 | any |
References 29
- openwall.com http://www.openwall.com/lists/oss-security/2023/12/13/1
- access.redhat.com https://access.redhat.com/errata/RHSA-2023:7886
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0006
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0009
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0010
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0014
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0015
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0016
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0017
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0018
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:0020
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:2169
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:2170
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:2995
- access.redhat.com https://access.redhat.com/errata/RHSA-2024:2996
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:13998
- access.redhat.com https://access.redhat.com/security/cve/CVE-2023-6377
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2253291
- gitlab.freedesktop.org https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
- lists.debian.org https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
- lists.debian.org https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/
- lists.x.org https://lists.x.org/archives/xorg-announce/2023-December/003435.html
- security.gentoo.org https://security.gentoo.org/glsa/202401-30
- security.netapp.com https://security.netapp.com/advisory/ntap-20240125-0003/
- debian.org https://www.debian.org/security/2023/dsa-5576
Remediation
- gitlab.freedesktop.org https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd