7.8

CVE-2023-6377

Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Eus Version9.2
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
DebianDebian Linux Version12.0
X.OrgX Server Version < 21.1.10
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
   RedhatEnterprise Linux Version8.0
   RedhatEnterprise Linux Version9.0
X.OrgXwayland Version < 23.2.3
   RedhatEnterprise Linux Version8.0
   RedhatEnterprise Linux Version9.0
TigervncTigervnc Version-
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
   RedhatEnterprise Linux Version8.0
   RedhatEnterprise Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.59% 0.724
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.openwall.com/lists/oss-security/2023/12/13/1
https://access.redhat.com/errata/RHSA-2024:0010
https://access.redhat.com/errata/RHSA-2024:2169
https://access.redhat.com/errata/RHSA-2024:2170
https://access.redhat.com/errata/RHSA-2024:2995
https://access.redhat.com/errata/RHSA-2024:2996
https://security.gentoo.org/glsa/202401-30
https://access.redhat.com/errata/RHSA-2023:7886
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:0006
https://access.redhat.com/errata/RHSA-2024:0009
https://access.redhat.com/errata/RHSA-2024:0014
https://access.redhat.com/errata/RHSA-2024:0015
https://access.redhat.com/errata/RHSA-2024:0016
https://access.redhat.com/errata/RHSA-2024:0017
https://access.redhat.com/errata/RHSA-2024:0018
https://access.redhat.com/errata/RHSA-2024:0020
https://access.redhat.com/security/cve/CVE-2023-6377
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253291
Issue Tracking
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
Patch
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
Mailing List
https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/
https://security.netapp.com/advisory/ntap-20240125-0003/
https://www.debian.org/security/2023/dsa-5576
https://access.redhat.com/errata/RHSA-2025:13998