CVE-2023-6377

CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write13 documents9 sources

Severity

7.8HIGH

EPSS

0.4%

top 38.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org X Server X.org Xwayland Debian Debian Linux +1 more

Timeline

PublishedDec 13

Latest updateDec 14

Description

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶Debianxorg-server< 2:1.20.11-1+deb11u10+3

▶Ubuntuxorg-server< 2:1.20.13-1ubuntu1~20.04.12+3

▶NVDx.org/x_server< 21.1.10

▶NVDx.org/xwayland< 23.2.3

▶Debianxwayland< 2:23.2.3-1+1

Also affects: Debian Linux 10.0, 11.0, 12.0, Enterprise Linux 9.2

Patches

Patch: gitlab.freedesktop.org ↗Patch: gitlab.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-xp6x-8hgv-x5w5: A flaw was found in xorg-server↗2023-12-13

▶

OSV

xorg-server, xwayland vulnerabilities↗2023-12-13

▶

OSV

xorg-server vulnerabilities↗2023-12-13

▶

CVEList

Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions↗2023-12-13

▶

OSV

CVE-2023-6377: A flaw was found in xorg-server↗2023-12-13

▶

📋Vendor Advisories

BSD

OpenBSD 7.3 Errata 023: SECURITY FIX↗2023-12-14

▶

BSD

OpenBSD 7.4 Errata 010: SECURITY FIX↗2023-12-14

▶

Ubuntu

X.Org X Server vulnerabilities↗2023-12-13

▶

Red Hat

xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions↗2023-12-13

▶

Ubuntu

X.Org X Server vulnerabilities↗2023-12-13

▶