CVE-2023-6816

CRITICAL

X.org X Server < 21.1.11 - Out-of-Bounds Write

Title source: rule

Description

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

References (23)

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2024:0320

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0557

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0558

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0597

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0607

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0614

[Third Party Advisory] https://access.redhat.com/security/cve/CVE-2023-6816

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2257691

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html

[Third Party Advisory] https://security.gentoo.org/glsa/202401-30

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20240307-0006/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/

[Mailing List] http://www.openwall.com/lists/oss-security/2024/01/18/1

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0617

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0621

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0626

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0629

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:2169

... and 3 more

Scores

CVSS v3 9.8

EPSS 0.0326

EPSS Percentile 86.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-787

Status published

Affected Products (7)

x.org/x_server < 21.1.11

x.org/xwayland < 23.2.4

fedoraproject/fedora

redhat/enterprise_linux_desktop

redhat/enterprise_linux_server

redhat/enterprise_linux_workstation

debian/debian_linux

Timeline

Published Jan 18, 2024

Tracked Since Feb 18, 2026