Description
A flaw was found in xorg-server. Querying or changing XKB button actions, such as when moving from a touchpad to a mouse, can result in out-of-bounds memory reads and writes. This may allow local privilege escalation, or possibly remote code execution in cases where X11 forwarding is involved.
References (29)
Core References
Third Party Advisory
https://www.debian.org/security/2023/dsa-5576
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240125-0003/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/
Third Party Advisory
https://security.gentoo.org/glsa/202401-30
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7886
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0006
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0009
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0010
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0014
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0015
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0016
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0017
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0018
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0020
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2169
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2170
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2995
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2996
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:13998
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-6377
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2253291
Scores
CVSS v3
7.8
EPSS
0.0038
EPSS Percentile
59.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (27)
debian/debian_linux
10.0
debian/debian_linux
11.0
debian/debian_linux
12.0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
0:1.1.0-25.el6_10.14
Red Hat/Red Hat Enterprise Linux 7
0:1.20.4-25.el7_9
Red Hat/Red Hat Enterprise Linux 7
0:1.8.0-28.el7_9
Red Hat/Red Hat Enterprise Linux 8
0:1.13.1-2.el8_9.4
Red Hat/Red Hat Enterprise Linux 8
0:1.20.11-22.el8
Red Hat/Red Hat Enterprise Linux 8
0:21.1.3-15.el8
... and 17 more
Published
Dec 13, 2023
Tracked Since
Feb 18, 2026